[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:29215
This policy setting removes the Work offline command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.If you enable this policy setting, the Work offline command is not displayed in Windows Explorer.If you disable or do not configure this ...

oval:org.secpod.oval:def:29216
Checks for new signatures before running scheduled scans.If you enable this policy setting, the scheduled scan checks for new signatures before it scans the computer.If you disable or do not configure this policy setting, the scheduled scan begins without downloading new signatures.

oval:org.secpod.oval:def:29213
Determines whether offline files are fully synchronized when users log on.This setting also disables the Synchronize all offline files before logging on option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, offli ...

oval:org.secpod.oval:def:29214
This policy setting removes the Work offline command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.If you enable this policy setting, the Work offline command is not displayed in Windows Explorer.If you disable or do not configure this ...

oval:org.secpod.oval:def:29219
This policy setting controls whether the LPRemove task will run to clean up language packs installed on a machine but are not used by any users on that machine. If you enable this policy setting, language packs that are installed as part of the system image will remain installed even if the ...

oval:org.secpod.oval:def:29217
This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that dont interpret Window Scaling option correctly.If you do not configure this policy se ...

oval:org.secpod.oval:def:29211
This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a protocol. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a protocol launched by a packaged app could compromise the system by launching a des ...

oval:org.secpod.oval:def:29212
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.If you enable this policy setting, WER does not throttle data; that is, WER uploads ad ...

oval:org.secpod.oval:def:29210
This policy prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.When this policy is en ...

oval:org.secpod.oval:def:29204
Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0, the default, will enable delete notifications for all volumes. A value of 1 will disable delete notifications for all volumes.

oval:org.secpod.oval:def:29205
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.

oval:org.secpod.oval:def:29202
This policy setting determines whether the Program Compatibility Assistant (PCA) will diagnose failures with application installers that are not detected to run as administrator. If you enable this policy setting, the PCA is configured to detect application installers which do not have privileges to ...

oval:org.secpod.oval:def:29203
Determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is rea ...

oval:org.secpod.oval:def:29208
This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting, machine administrator\/backup operator cannot use Windows Server Backup to run backups to a network share.If you disable or do not configure this policy setting, ...

oval:org.secpod.oval:def:29209
This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting, machine administrator\/backup operator cannot use Windows Server Backup to run non-scheduled run-once backups.If you disable or do not configure this policy setting, th ...

oval:org.secpod.oval:def:29206
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not accept Kerberos credentials over the network.If you enable this policy setting, the WinRM service will not accept Kerberos credentials over the network.If you disable or do not configure this poli ...

oval:org.secpod.oval:def:29207
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not accept Negotiate authentication from a remote client.If you enable this policy setting, the WinRM service will not accept Negotiate authentication from a remote client.If you disable or do not con ...

oval:org.secpod.oval:def:29200
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).If you enable this policy setting you can specify the servers to which the users saved credentials can NOT be delegated (saved credentials are those that you elect to save\/remember using the Wind ...

oval:org.secpod.oval:def:29201
This policy setting determines whether the Program Compatibility Assistant (PCA) will diagnose DLL load or COM object creation failures in programs. If you enable this policy setting, the PCA detects programs trying to create legacy COM objects that are removed in this version of Windows. When this ...

oval:org.secpod.oval:def:22611
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select ...

oval:org.secpod.oval:def:29259
Hides the menus that appear when you right-click the taskbar and items on the taskbar, such as the Start button, the clock, and the taskbar buttons.This setting does not prevent users from using other methods to issue the commands that appear on these menus.

oval:org.secpod.oval:def:29257
If you enable this policy the start menu will not show a link to the Downloads folder.

oval:org.secpod.oval:def:29258
This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the users taskbar is full.If you enable this setting, it prevents the taskbar from grouping items that share the ...

oval:org.secpod.oval:def:29251
Removes items in the All Users profile from the Programs menu on the Start menu.By default, the Programs menu contains items from the All Users profile and items from the users profile. If you enable this setting, only items in the users profile appear in the Programs menu.Tip: To see the Program me ...

oval:org.secpod.oval:def:29252
If you disable or do not configure this setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu.If you enable this setting, the system does not track the programs that the u ...

oval:org.secpod.oval:def:29250
This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.If you enable this policy se ...

oval:org.secpod.oval:def:29255
Prevents Control Panel, Printers, and Network Connections from running.This setting removes the Control Panel, Printers, and Network and Connection folders from Settings on the Start menu, and from Computer and Windows Explorer. It also prevents the programs represented by these folders (such as Con ...

oval:org.secpod.oval:def:29256
Removes the Taskbar and Start Menu item from Settings on the Start menu. This setting also prevents the user from opening the Taskbar Properties dialog box.If the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a setting prevents the action.

oval:org.secpod.oval:def:29253
Prevents the system from using NTFS tracking features to resolve a shortcut.By default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the targets file ID ...

oval:org.secpod.oval:def:29254
If you enable this policy the start menu search box will not search for communications.If you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel.

oval:org.secpod.oval:def:22602
Multiple network connections can provide additional attack vectors to a system and should be limited. When connected to a domain, communication must go through the domain connection.

oval:org.secpod.oval:def:29248
This policy setting deletes all data stored on Windows SideShow-compatible devices (running Microsoft firmware) when a user logs off from the computer. This is a security precaution but it significantly limits the usefulness of the devices.If you enable this policy setting, all data stored on device ...

oval:org.secpod.oval:def:29249
Displays Start menu shortcuts to partially installed programs in gray text.This setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.Partially installed programs include those that a system administrator assigns using ...

oval:org.secpod.oval:def:29246
Limits the Windows programs that users have permission to run on the computer.If you enable this policy setting, users can only run programs that you add to the list of allowed applications.If you disable this policy setting or do not configure it, users can run all applications.This policy setting ...

oval:org.secpod.oval:def:29247
This policy setting allows you to turn off desktop gadgets that have been installed by the user.If you enable this setting, Windows will not run any user-installed gadgets.If you disable or do not configure this setting, Windows will run user-installed gadgets.The default is for Windows to run user ...

oval:org.secpod.oval:def:29240
Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled, it removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This setting also removes Add Pr ...

oval:org.secpod.oval:def:29241
This policy restricts clients computers to use package point and print only.If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are ...

oval:org.secpod.oval:def:29244
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature will not run. If you disable or do not configure this policy setting, all location scripts will run.

oval:org.secpod.oval:def:29245
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments. Typically, users can either click the Unblock button in the file?s Property sheet or select a check box in the Security Warning dialog. If the zone information is removed, use ...

oval:org.secpod.oval:def:29242
Specifies whether the computers to which this setting is applied may send dynamic updates to the zones named with a single label name, also known as top-level domain zones, for example, com.By default, a DNS client configured to perform dynamic DNS update sends dynamic updates to the DNS zone that i ...

oval:org.secpod.oval:def:29243
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install al ...

oval:org.secpod.oval:def:29237
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29238
Enables applications and services to prevent the system from sleeping.If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).If you disable this policy setting or do not configure it, users can see and change this sett ...

oval:org.secpod.oval:def:29235
Specify if Windows should enable the desktop background slideshow. If you enable this policy setting, desktop background slideshow is enabled.If you disable this policy setting, the desktop background slideshow is disabled.if you do not configure this setting, users can see and change this sett ...

oval:org.secpod.oval:def:29236
This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available o ...

oval:org.secpod.oval:def:29239
Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.If you disable or do not configure this setting, the de ...

oval:org.secpod.oval:def:29230
Windows Mail will not check your newsgroup servers for Communities support.

oval:org.secpod.oval:def:29233
This setting turns the Accounting feature On or Off.If you enable this setting, Windows System Resource Manager (WSRM) will start accounting various usage statistics of the processes.If you disable this setting, WSRM will stop logging usage statistics of processes.If you do not configure this settin ...

oval:org.secpod.oval:def:29234
This policy setting specifies whether BranchCache is enabled on the client computer. BranchCache reduces the utilization of the wide area network (WAN) links connecting branch offices to the data center or headquarters and increases access speeds for content that has already been downloaded into the ...

oval:org.secpod.oval:def:29231
This policy setting turns off Windows Mobility Center.If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.If you disable this policy setting, the user is ab ...

oval:org.secpod.oval:def:29232
This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level, NCSI performs one of two active tests: down ...

oval:org.secpod.oval:def:29226
This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name, retrieve the corresponding address, and est ...

oval:org.secpod.oval:def:29227
This setting lets you disable file restore functionality.If this setting is enabled, the file restore program is disabled.If this setting is disabled or not configured, the file restore program is enabled and users can restore files.

oval:org.secpod.oval:def:29224
Disables a user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy, Windows will not show a notification when the battery capacity remaining equals the low battery notification level. To configure the low battery notification level, ...

oval:org.secpod.oval:def:29225
Local Link Multicast Name Resolution (LLMNR) is a secondary name resolution protocol. Queries are sent over the Local Link, a single subnet, from a client machine using Multicast to which another client on the same link, which also has LLMNR enabled, can respond. LLMNR provides name resolution in sc ...

oval:org.secpod.oval:def:29228
This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy objects (GPO) were applied, where they came from, ...

oval:org.secpod.oval:def:29229
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature will be turned off, and all programs on this computer will not be able to use the sensor feature. If you disable or do not configure this policy setting, all progra ...

oval:org.secpod.oval:def:29222
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured, users will be able to add UNC ...

oval:org.secpod.oval:def:29223
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature will not run. If you disable or do not configure this policy setting, all location scripts will run.

oval:org.secpod.oval:def:29220
This policy setting removes access to the performance center control panel page.If you enable this policy setting, some settings within the performance control panel page are not displayed. The administrative tools will not be affected.If you disable or do not configure this policy setting, the perf ...

oval:org.secpod.oval:def:29221
This policy setting removes access to the performance center control panel solutions to performance problems.If you enable this policy setting, the solutions and issue section within the performance control panel page are not displayed. The administrative tools are not affectedIf you disable or do n ...

oval:org.secpod.oval:def:28759
Allows you to disable System Restore.System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.If you enable this setting, System Restore is turned off, and t ...

oval:org.secpod.oval:def:28764
Driver compatibility settings.

oval:org.secpod.oval:def:28765
This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting, the system records an event. If you disable this policy setting, no event is recorded. When you enable or disable t ...

oval:org.secpod.oval:def:28762
Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations.Removing icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent.Also, see ...

oval:org.secpod.oval:def:28763
This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling t ...

oval:org.secpod.oval:def:28768
Specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products and is searched as part of all Help and Support Center searches with the default s ...

oval:org.secpod.oval:def:28769
Disables visual pen action feedback, except for press and hold feedback.If you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors.If you disable or do not configure this policy, visu ...

oval:org.secpod.oval:def:28766
This policy setting controls the behavior of the Windows Error Reporting archive.If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. I ...

oval:org.secpod.oval:def:28767
This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compa ...

oval:org.secpod.oval:def:28760
This setting lets you disable the data file backup functionality.If this setting is enabled, users cannot back up data files.If this setting is disabled or not configured, users can back up data files.

oval:org.secpod.oval:def:28761
This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and cha ...

oval:org.secpod.oval:def:28748
Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP\/IP (NetBT) queries across all networks. In the event that multiple positive responses ...

oval:org.secpod.oval:def:28749
This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting, execute access will be denied to this removable storage class.If you disable or do not configure this policy setting, execute access will be allowed to this removable storage class.

oval:org.secpod.oval:def:28753
This policy controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If this setting is enabled, the system does not create the named pipe remote shutdown int ...

oval:org.secpod.oval:def:28754
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP boots ...

oval:org.secpod.oval:def:28751
Turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume.If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. T ...

oval:org.secpod.oval:def:28752
This policy setting removes access to the performance center control panel OEM and Microsoft branding links.If you enable this policy setting, the OEM and Microsoft web links within the performance control panel page are not displayed. The administrative tools are not affectedIf you disable or do no ...

oval:org.secpod.oval:def:28757
Turns off Routinely Taking Action.This policy setting allows you to configure whether Windows Defender will automatically take action on all detected threats. The action to be taken on a particular threat will be determined by the combination of the policy-defined action, user-defined action and the ...

oval:org.secpod.oval:def:28758
Turns off the solid state mode for the hybrid hard disks. If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.If you disable this policy setting, the system will store frequently written data into the non-volatil ...

oval:org.secpod.oval:def:28755
This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name, retrieve the corresponding address, and est ...

oval:org.secpod.oval:def:28756
This policy controls the state of the Program Compatibility Assistant in the system. The PCA monitors user initiated programs for known compatibility issues at run time. Whenever a potential issue with an application is detected, the PCA will prompt the user with pointers to recommended solutio ...

oval:org.secpod.oval:def:28750
The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, c ...

oval:org.secpod.oval:def:28739
Prevents users from removing Web content from their Active Desktop.In Active Desktop, you can add items to the desktop but close them so they are not displayed.If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check b ...

oval:org.secpod.oval:def:28737
This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting, a user will be prompted on the client computer-instead of on the RD Session Host server-to provide cred ...

oval:org.secpod.oval:def:28738
This policy setting allows you to configure the display of the password reveal button in password entry user experiences.If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.If you disable or do not configure ...

oval:org.secpod.oval:def:28742
This policy setting allows you to remove the Disconnect option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this polic ...

oval:org.secpod.oval:def:28743
This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the ...

oval:org.secpod.oval:def:28740
Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse.If you disable or do not configure th ...

oval:org.secpod.oval:def:28741
This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling ...

oval:org.secpod.oval:def:28746
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers. If you enable this setti ...

oval:org.secpod.oval:def:28747
Removes links to the Support Info dialog box from programs on the Change or Remove Programs page.Programs listed on the Change or Remove Programs page can include a Click here for support information hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, ...

oval:org.secpod.oval:def:28744
This policy setting determines whether Windows PowerShell scripts will run before non-PowerShell scripts during user logon and logoff. By default, PowerShell scripts run after non-PowerShell scripts. If you enable this policy setting, within each applicable Group Policy object (GPO), PowerShell scr ...

oval:org.secpod.oval:def:28745
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) cloud.This policy setting forces computers to act as clients in peer-to-peer (P2P) scenarios. For example, a client computer can detect other computers to initiate chat sessio ...

oval:org.secpod.oval:def:28728
This policy setting turns off the option to periodically wake the computer to update information on Windows SideShow-compatible devices.If you enable this policy setting, the option to automatically wake the computer will not be available in the Windows SideShow Control Panel.If you disable or do no ...

oval:org.secpod.oval:def:28729
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop.If you enable this setting, desktop gadgets will be turned off.If you disable or do not configure this setting, desktop gadgets will be turned on.The default is ...

oval:org.secpod.oval:def:28726
This policy setting allows you to turn on logging of misconversion for the misconversion report.If you enable this policy setting, misconversion logging is turned on.If you disable or do not configure this policy setting, misconversion logging is turned off. This policy setting applies to Japanese M ...

oval:org.secpod.oval:def:28727
Manages how Windows controls the setting that specifies how long a computer must be inactive before Windows turns off the computer?s display. When this policy is enabled, Windows automatically adjusts the setting based on what users do with their keyboard or mouse to keep the display on. When this ...

oval:org.secpod.oval:def:28731
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port.If you enable this policy setting, the WinRM service automatically listens on the network for requests on ...

oval:org.secpod.oval:def:28732
Turns off Tablet PC Pen Training.If you enable this policy setting, users cannot open Tablet PC Pen Training.If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.

oval:org.secpod.oval:def:28730
This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility. If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers block ...

oval:org.secpod.oval:def:28735
Disables Hybrid Sleep.If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By).If you do not configure this policy setting, users can see and change this setting.

oval:org.secpod.oval:def:28736
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you en ...

oval:org.secpod.oval:def:28733
This policy setting determines when Windows uses automatic language detection results, and when it relies on indexing history. If you enable this policy setting, Windows will always use automatic language detection to index (as it did in Windows 7). Using automatic language detection can increase me ...

oval:org.secpod.oval:def:28734
Specifies whether to show the Did you know? section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center, and provides up-to-date information about Windows and the computer.If you enable this setting, the Help and Su ...

oval:org.secpod.oval:def:28797
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting, users can use the Publish in Active Directory option in the Shared Folders snap-in to publish shared folders in AD DS.If you d ...

oval:org.secpod.oval:def:28798
Prevents Windows from running the programs you specify in this policy setting.If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications.If you disable this policy setting or do not configure it, users can run any programs.This policy setting onl ...

oval:org.secpod.oval:def:28795
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. If you enable this policy setting, within each applicable Group Policy Objec ...

oval:org.secpod.oval:def:28796
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting, users can use the Publish in Active Directory option to publish DFS roots as shared folders in AD DS .If you disable this policy se ...

oval:org.secpod.oval:def:28799
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System. This behavior is consistent with Windows Vistas behavior in this scenario.This disab ...

oval:org.secpod.oval:def:28790
Restricts package point and print to approved servers.This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the Point and Print Restrictions policy that governs the b ...

oval:org.secpod.oval:def:28793
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.If you enable this policy set ...

oval:org.secpod.oval:def:28794
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System. This behavior is consistent with Windows Vistas behavior in this scenario.This disab ...

oval:org.secpod.oval:def:28791
This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of Trusted Platform Module (TPM) owner information. TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can only be run by the TPM owner. This hash authorizes ...

oval:org.secpod.oval:def:28792
This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).If you enable this policy setting, the Kerberos client will search the forests in this list if it is unable to resolve a two-part SPN. If a ma ...

oval:org.secpod.oval:def:28786
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28787
This settings allows you to configure client computers to always lock when resuming from a hibernate or suspend.If you enable this setting, the client computer is locked when it is resumed from a suspend or hibernate state.If you disable or do not configure this setting, users can decide if their co ...

oval:org.secpod.oval:def:28784
This policy setting allows you to control whether users see detailed enhanced notification messages about featured software from the Microsoft Update service. Enhanced notification messages convey the value and promote the installation and use of optional software. This policy setting is intended fo ...

oval:org.secpod.oval:def:28785
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28788
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.The Allow only signed scripts policy setting allows scripts to execute only if they are si ...

oval:org.secpod.oval:def:28789
If this policy setting is enabled, it prevents users from deleting local and network printers. If a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a setting prevents the action. This setting does no ...

oval:org.secpod.oval:def:28782
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Pane ...

oval:org.secpod.oval:def:28783
This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for t ...

oval:org.secpod.oval:def:28780
Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled, Automatic Updates will install recommended updates as well as important updates from Windows Update update service.When disabled or not c ...

oval:org.secpod.oval:def:28781
This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following ...

oval:org.secpod.oval:def:28775
Turn off the Windows Startup sound and prevent its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup and can be turned on or off in the Sound item of Control Panel.Enabling or disabling this setting will automatically ...

oval:org.secpod.oval:def:28776
This policy setting allows you to improve performance in low bandwidth scenarios.This setting is incrementally scaled from No optimization to Full optimization. Each incremental setting includes the previous optimization setting.For example:Turn off background will include the following optimizatio ...

oval:org.secpod.oval:def:28773
This policy setting allows you to manage whether HotStart buttons can be used to launch applications.If you enable this policy setting, applications cannot be launched using the HotStart buttons.If you disable or do not configure this policy setting, applications can be launched using the HotStart b ...

oval:org.secpod.oval:def:28774
Denies or allows access to the Windows Mail application.If you enable this setting, access to the Windows Mail application is denied.If you disable or do not configure this setting, access to the Windows Mail application is allowed.

oval:org.secpod.oval:def:28779
This policy setting turns on logging.If you enable or do not configure this policy setting, then events can be written to this log.If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting.

oval:org.secpod.oval:def:28777
This policy setting enables or disables an HTTP listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985. A listener ...

oval:org.secpod.oval:def:28778
Specify if Windows should enable the desktop background slideshow. If you enable this policy setting, desktop background slideshow is enabled.If you disable this policy setting, the desktop background slideshow is disabled.if you do not configure this setting, users can see and change this sett ...

oval:org.secpod.oval:def:28771
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.If you enable this setting, the user ...

oval:org.secpod.oval:def:28772
This policy setting allows you to turn off desktop gadgets that have been installed by the user.If you enable this setting, Windows will not run any user-installed gadgets.If you disable or do not configure this setting, Windows will run user-installed gadgets.The default is for Windows to run user ...

oval:org.secpod.oval:def:28770
The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you ...

oval:org.secpod.oval:def:28801
This policy setting turns off the option to periodically wake the computer to update information on Windows SideShow-compatible devices.If you enable this policy setting, the option to automatically wake the computer will not be available in the Windows SideShow Control Panel.If you disable or do no ...

oval:org.secpod.oval:def:28802
Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting, Sound Recorder will not run.If you disable or ...

oval:org.secpod.oval:def:28800
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.If you enable this setting, gadgets that have not been digitally signed will not be extracted.If you disable or do not configure ...

oval:org.secpod.oval:def:28838
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP boots ...

oval:org.secpod.oval:def:28839
This policy setting turns off Windows SideShow.If you enable this policy setting, the Windows SideShow Control Panel will be disabled and data from Windows SideShow-compatible gadgets (applications) will not be sent to connected devices. If you disable or do not configure this policy setting, Window ...

oval:org.secpod.oval:def:28836
Removes access to the performance center control panel OEM and Microsoft branding links.If you enable this setting, the OEM and Microsoft web links within the performance control panel page will not be displayed. The administrative tools will not be affected. If you disable or do not configure this ...

oval:org.secpod.oval:def:28837
Allows you to disable System Restore configuration through System Protection.System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The behavior of this setting depends on the Turn off System Restore setting.If you ...

oval:org.secpod.oval:def:28841
This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker; not ...

oval:org.secpod.oval:def:28842
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, write access will be denied to this removable storage class.If you disable or do not configure this policy setting, writ ...

oval:org.secpod.oval:def:28840
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivale ...

oval:org.secpod.oval:def:28845
Removes the Music icon from the Start Menu.

oval:org.secpod.oval:def:28846
If you enable this setting, the Run command is added to the Start menu. If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties. If the Remove Run link from Start Menu policy is set, ...

oval:org.secpod.oval:def:28843
This policy setting requires users to enter a default personal identification number (PIN) to unlock and access data on the device after a specified period of inactivity (time-out period). This setting applies to Windows SideShow-compatible devices running Microsoft firmware.If you enable this polic ...

oval:org.secpod.oval:def:28844
If you enable this setting, the frequently used programs list is removed from the Start menu.If you disable this setting or do not configure it, the frequently used programs list remains on the simple Start menu.

oval:org.secpod.oval:def:28827
This setting affects the notification area (previously called the system tray) on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled, the user?s entire notific ...

oval:org.secpod.oval:def:28828
If you enable this policy the start menu will not show a link to the users storage folder.If you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel.

oval:org.secpod.oval:def:28825
Prevents the clock in the system notification area from being displayed.If you enable this setting, the clock will not be displayed in the system notification area.If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur.

oval:org.secpod.oval:def:28826
This setting affects the taskbar.The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application.If thi ...

oval:org.secpod.oval:def:28829
Prevents users from connecting to the Windows Update Web site.This setting blocks user access to the Windows Update Web site at http:\/\/windowsupdate.microsoft.com. Also, the setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.Windows Update ...

oval:org.secpod.oval:def:28830
If you enable this setting, the Undock PC button is removed from the simple Start Menu, and your PC cannot be undocked.If you disable this setting or do not configure it, the Undock PC button remains on the simple Start menu, and your PC can be undocked.

oval:org.secpod.oval:def:28831
This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting, users cannot participate in th ...

oval:org.secpod.oval:def:28834
This policy setting allows you to turn off history-based predictive input.If you enable this policy setting, history-based predictive input is turned off. If you disable or do not configure this policy setting, history-based predictive input is on by default.This policy setting applies to Japanese M ...

oval:org.secpod.oval:def:28835
This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens. If you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received re ...

oval:org.secpod.oval:def:28832
This policy setting specifies whether the Order Prints Online task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting, the task Order Prints Online is remov ...

oval:org.secpod.oval:def:28833
Removes the Add\/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page.The Add\/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure com ...

oval:org.secpod.oval:def:28816
Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.If you enable this setting, the following changes occur:(1) The Run command is removed from the Start menu.(2) The New Task (Run) command is removed from Task Manager.(3) The user will be blocked from enter ...

oval:org.secpod.oval:def:28817
If you enable this policy, the See all results link will not be shown when the user performs a search in the start menu search box.If you disable or do not configure this policy, the See all results link will be shown when the user performs a search in the start menu search box.

oval:org.secpod.oval:def:28814
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting, the system and Windows programs do not create shortcuts to documents opened while the setting is in effect. Also, they retain but do not display existi ...

oval:org.secpod.oval:def:28815
Prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.By default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then ...

oval:org.secpod.oval:def:28818
If you enable this policy setting the Start menu search box will not search for files.If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a See more results \/ Search ...

oval:org.secpod.oval:def:28819
If you enable this policy setting the Start menu search box will not search for programs or Control Panel items.If you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control ...

oval:org.secpod.oval:def:28820
Removes the Default Programs link from the Start menu.Clicking the Default Programs link from the Start menu opens the Default Programs control panel and provides administrators the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which p ...

oval:org.secpod.oval:def:28823
Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.This setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the f ...

oval:org.secpod.oval:def:28824
If you enable this policy the start menu will not show a link to the Videos library.

oval:org.secpod.oval:def:28821
Removes the Network icon from the Start Menu.

oval:org.secpod.oval:def:28822
If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu. If you disable or do not configure this policy, users can use the Start Menu options to ...

oval:org.secpod.oval:def:28805
If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.If you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user.

oval:org.secpod.oval:def:28806
This policy only applies to the classic version of the start menu and does not affect the new style start menu.Adds the Log Off <username> item to the Start menu and prevents users from removing it.If you enable this setting, the Log Off <username> item appears in the Start menu. This se ...

oval:org.secpod.oval:def:28803
This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer.The Classification tab enables users to manually classify files by selecting properties from a list. Administrators can define the properties for the organization by using Group Pol ...

oval:org.secpod.oval:def:28804
Clear history of recently opened documents on exit.If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used it ...

oval:org.secpod.oval:def:28809
Prevents users from using the drag-and-drop method to reorder or remove items on the Start menu. Also, it removes context menus from the Start menu.If you disable this setting or do not configure it, users can remove or reorder Start menu items by dragging and dropping the item. They can display con ...

oval:org.secpod.oval:def:28807
Disables personalized menus.Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.If you enable this setting, the system does not personalize m ...

oval:org.secpod.oval:def:28808
This setting affects the notification area, also called the system tray.The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By ...

oval:org.secpod.oval:def:28812
If you enable this setting, the All Programs item is removed from the simple Start menu.If you disable this setting or do not configure it, the All Programs item remains on the simple Start menu.

oval:org.secpod.oval:def:28813
If you enable this setting, the Pinned Programs list is removed from the Start menu. Users cannot pin programs to the Start menu. In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the Customize Start Menu dialog. If you disable this setting or do not configure it, t ...

oval:org.secpod.oval:def:28810
Prevents users from adding the Favorites menu to the Start menu or classic Start menu.If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.If you disable or do not configure this setting, the Display Favorite item is available.Note:The Favorit ...

oval:org.secpod.oval:def:28811
If you enable this policy the start menu will not show a link to the Games folder.If you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel.

oval:org.secpod.oval:def:22658
Enable: 'Specify the search server for device driver updates'

oval:org.secpod.oval:def:29291
This setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000, Windows XP, Windows Server 2003, Window ...

oval:org.secpod.oval:def:29292
This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits fo ...

oval:org.secpod.oval:def:22656
The location service on mobile devices may allow sensitive data to be used by applications on the system. This should be turned off unless explicitly allowed for approved systems/applications.

oval:org.secpod.oval:def:29290
This policy setting allows you to specify whether users can redirect the remote computers audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computers audio output by configuring the remote audio settings on the Local Resources tab in Remote Deskto ...

oval:org.secpod.oval:def:29295
This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.If you disable or do not configure this policy setting and a log file reaches its m ...

oval:org.secpod.oval:def:29296
Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with ...

oval:org.secpod.oval:def:29293
Specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.If you enable this setting, Windows, when started from a Windows To Go workspace, cant use standby states to make the PC sleep.If you disable or dont configure this setting, Windows, when start ...

oval:org.secpod.oval:def:29294
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled.If you enable this policy setting and the Retain old events policy setting is enabled, the Event Log file is automatically closed and re ...

oval:org.secpod.oval:def:29299
Determines whether administrators can enable and disable the components used by LAN connections.If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), the check boxes for enabling and disabling components are disabled. As a result, administrators ...

oval:org.secpod.oval:def:29297
By default, Add features to Windows 8 is available for all administrators. If you enable this policy setting, the wizard will not run.If you disable this policy setting or set it to Not Configured, the wizard will run.

oval:org.secpod.oval:def:29298
Determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.If y ...

oval:org.secpod.oval:def:22649
Disable: 'Disallow Digest authentication'

oval:org.secpod.oval:def:22648
Enable/Disable PerfTrack

oval:org.secpod.oval:def:29280
This settings lets you configure the script execution policy, controlling what scripts are allowed to run.If you enable this setting, the scripts selected in the drop down list will be allowed to run.The Allow only signed scripts setting allows script to execute only if they are signed by a trusted ...

oval:org.secpod.oval:def:29281
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. If you enable this policy setting: - ...

oval:org.secpod.oval:def:29284
Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16 ...

oval:org.secpod.oval:def:29285
Prevents users from running Network Connections.This setting prevents the Network Connections folder from opening. This setting also removes Network Connections from Settings on the Start menu.Network Connections still appears in Control Panel and in Windows Explorer, but if users try to start it, a ...

oval:org.secpod.oval:def:29282
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. If you disable or do not configure this policy setting, all programs on this compute ...

oval:org.secpod.oval:def:29283
If you enable this policy, a Search the Internet link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.If you disable this policy, there will not be a Search the Internet link when the user performs a search in the ...

oval:org.secpod.oval:def:29288
Switches the gesture set used for editing from the common handheld computer gestures to the Simplified Chinese (PRC) standard gestures.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If ...

oval:org.secpod.oval:def:29289
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers ...

oval:org.secpod.oval:def:29286
If you enable this policy the start menu will not show a link to the Recorded TV library.

oval:org.secpod.oval:def:29287
If you enable this setting, users cannot uninstall apps from Start.If you disable this setting or do not configure it, users can access the uninstall command from Start

oval:org.secpod.oval:def:29270
This policy setting configures whether or not users can provision certificates on Enhanced Storage certificate silo devices.If you enable this policy setting, users can provision certificates on Enhanced Storage certificate silo devices.If you disable or do not configure this policy setting, users c ...

oval:org.secpod.oval:def:29279
This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting, certificate propagation wil ...

oval:org.secpod.oval:def:29273
This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting, onl ...

oval:org.secpod.oval:def:29274
Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory, shared printer resources are available in Active Directory and are not announced.If you enable this setting, the print spooler announces shared printers to the print browse maste ...

oval:org.secpod.oval:def:29271
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. Use this policy setting only when the Prevent installation of devices not described by other policy settings policy setting is enabled. Other policy setti ...

oval:org.secpod.oval:def:29272
This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting, machine administrator\/backup operator can backup only volumes hosting OS components and no data only volumes can be backed up.If ...

oval:org.secpod.oval:def:29277
Adjusts password security settings in Tablet PC Input Panel. These settings include using the on-screen keyboard by default, preventing users from switching to another Input Panel skin (the writing pad or character pad), and not showing what keys are tapped when entering a password.Tablet PC Input P ...

oval:org.secpod.oval:def:29278
Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting, the last played time will be displayed to the user.

oval:org.secpod.oval:def:29275
This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting, a signed driver is still preferre ...

oval:org.secpod.oval:def:29276
This policy setting specifies whether Remote Desktop Services retains a users per-session temporary folders at logoff.You can use this setting to maintain a users session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services de ...

oval:org.secpod.oval:def:22622
'Configure use of smart cards on removable data drives' for RDVAllowUserCert

oval:org.secpod.oval:def:29268
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).This policy applies when server authentication was achieved via a trusted X509 certificate or Kerberos.If you enable this policy setting you can specify the servers to which the users saved creden ...

oval:org.secpod.oval:def:29269
Specifies whether the computers to which this setting is applied may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries, if the original name query fails.A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example serve ...

oval:org.secpod.oval:def:29262
Prevents start of InkBall game.If you enable this policy, the InkBall game will not run.If you disable this policy, the InkBall game will run.If you do not configure this policy, the InkBall game will run.

oval:org.secpod.oval:def:29263
This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a domain controller, e.g. a domain-joined laptop on a home network.)If this setting is disabled, the network scan page ...

oval:org.secpod.oval:def:29260
This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off.If you disable this policy setting, the QuickLaunch bar will be hidden and cannot be turned on.If you do not configure ...

oval:org.secpod.oval:def:29261
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel tab will not appear on ...

oval:org.secpod.oval:def:29266
Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled, Automatic Updates will immediately install these updates once they are downloaded and ready to install.If the status is set to ...

oval:org.secpod.oval:def:29267
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authentication from a remote client. If you enable this policy setting, the WinRM service will accept CredSSP authentication from a remote client. If you disable or do not con ...

oval:org.secpod.oval:def:29264
This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy settings.If you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver w ...

oval:org.secpod.oval:def:29265
Allow applications and services to prevent automatic sleep. If you enable this policy setting, any application, service or device driver may prevent Windows from automatically transitioning to sleep after a period of user inactivity.If you disable this policy setting, applications, services or ...

oval:org.secpod.oval:def:22698
Visible passwords may be seen by nearby persons, compromising them. The password reveal button can be used to display an entered password and must not be allowed.

oval:org.secpod.oval:def:22696
'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' for RDVDiscoveryVolumeType

oval:org.secpod.oval:def:22693
Enable: 'Choose how BitLocker-protected operating system drives can be recovered' for OSRecovery

oval:org.secpod.oval:def:22691
Teredo State

oval:org.secpod.oval:def:22686
'Configure use of passwords for removable data drives' for RDVPassphrase

oval:org.secpod.oval:def:22674
Enable: 'Boot-Start Driver Initialization Policy'

oval:org.secpod.oval:def:22671
Enable: 'Allow unencrypted traffic (Service)'

oval:org.secpod.oval:def:29336
This policy setting determines if the Background Intelligent Transfer Service (BITS) Peercaching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server specified by the jobs owner. If BITS Peercaching is enabled, BITS will cache do ...

oval:org.secpod.oval:def:29337
This policy setting determines whether domain users can log on or elevate User Account Control (UAC) permissions using biometrics.By default, domain users cannot use biometrics to log on. If you enable this policy setting, domain users can log on to a Windows-based computer using biometrics. Depend ...

oval:org.secpod.oval:def:29334
This policy setting shows or hides the Run as different user command on the Start application bar.If you enable this setting, users can access the Run as different user command from Start for applications which support this functionality.If you disable this setting or do not configure it, users cann ...

oval:org.secpod.oval:def:29335
Prevents printing to Journal Note Writer.If you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.If you disable this policy, you will be able to use this feature ...

oval:org.secpod.oval:def:29338
This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports ...

oval:org.secpod.oval:def:29339
This policy controls whether the print spooler will accept client connections.When the policy is unconfigured, the spooler will not accept client connections until a user shares out a local printer or opens the print queue on a printer connection, at which point spooler will begin accepting client c ...

oval:org.secpod.oval:def:29332
If you enable this policy, a See more results \/ Search Everywhere link will not be shown when the user performs a search in the start menu search box.If you disable or do not configure this policy, a See more results link will be shown when the user performs a search in the start menu search box. ...

oval:org.secpod.oval:def:29333
Removes the Documents icon from the Start menu and its submenus.This setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder.Note: To make changes to this setting effective, you must log off and then log on.Also, see ...

oval:org.secpod.oval:def:29330
This setting affects the taskbar, which is used to switch between running applications.The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. W ...

oval:org.secpod.oval:def:29331
Removes the Search link from the Start menu, and disables some Windows Explorer search elements. Note that this does not remove the search box from the new style Start menu.This setting removes the Search item from the Start menu and from the context menu that appears when you right-click the Start ...

oval:org.secpod.oval:def:29325
Enables applications and services to prevent the system from sleeping.If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).If you disable this policy setting or do not configure it, users can see and change this sett ...

oval:org.secpod.oval:def:29326
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivale ...

oval:org.secpod.oval:def:29323
If you enable this setting, users will not be allowed to switch between recent apps. The App Switching option in the PC settings app will be disabled as well.If you disable or do not configure this policy setting, users will be allowed to switch between recent apps.

oval:org.secpod.oval:def:29324
This policy setting turns off Windows presentation settings.If you enable this policy setting, Windows presentation settings cannot be invoked.If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. ...

oval:org.secpod.oval:def:29329
This policy setting turns off Windows SideShow.If you enable this policy setting, the Windows SideShow Control Panel will be disabled and data from Windows SideShow-compatible gadgets (applications) will not be sent to connected devices. If you disable or do not configure this policy setting, Window ...

oval:org.secpod.oval:def:29327
This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the ...

oval:org.secpod.oval:def:29328
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, read access will be denied to this removable storage class.If you disable or do not configure this policy setting, read a ...

oval:org.secpod.oval:def:29321
This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in Microsoft Windows Server 2008 functional level domains, if you enable this setting, a message appears after the user lo ...

oval:org.secpod.oval:def:29322
This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a file. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a packaged app could compromise the system by launching a file in a desktop app. If you ...

oval:org.secpod.oval:def:29320
This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting, machine administrator\/backup operator cannot use Windows Server Backup to run backups to an optical media.If you disable or do not configure this policy settin ...

oval:org.secpod.oval:def:29309
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.If you enable this policy set ...

oval:org.secpod.oval:def:29314
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).If you enable this policy setting you can specify the servers to which the users default credentials can NOT be delegated (default credentials are those that you use when first logging on to Windo ...

oval:org.secpod.oval:def:29315
This policy setting determines whether the Program Compatibility Assistant (PCA) will diagnose DLL load failures in programs. If you enable this policy setting, the PCA detects programs trying load legacy Microsoft Windows DLLs that are removed in this version of Windows. When this failure is detect ...

oval:org.secpod.oval:def:29313
Determines whether the system saves a copy of a user?s roaming profile on the local computers hard drive when the user logs off.This setting, and related settings in this folder, together describe a strategy for managing user profiles residing on remote servers. In particular, they tell the system h ...

oval:org.secpod.oval:def:29318
This policy prevents users from changing their user geographical location (GeoID).If this policy is Enabled, then the user cannot change their geographical location (GeoID)If the policy is Disabled or Not Configured, then the user may select any GeoID.If this policy is Enabled at the Machine level, ...

oval:org.secpod.oval:def:29319
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Negotiate authentication.If you enable this policy setting, the WinRM client will not use Negotiate authentication.If you disable or do not configure this policy setting, the WinRM client will ...

oval:org.secpod.oval:def:29316
By default, when a Peer Group is created that allows for password-authentication (or the password for such a Group is changed), Peer Grouping validates that the password meets the password complexity requirements for the local system. Thus, it will not allow any passwords to be used for a Peer Grou ...

oval:org.secpod.oval:def:29317
If this setting is enabled, Windows Error Reporting will not send any problem information to Microsoft. Additionally, solution information will not be available in the Action Center control panel.

oval:org.secpod.oval:def:29310
This policy setting controls whether folders are redirected on a users primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or ...

oval:org.secpod.oval:def:29311
This policy setting determines which users or groups might access DCOM application remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to specify access permissions to all the computers to particular users for ...

oval:org.secpod.oval:def:29303
Determines whether nonadministrators can rename all-user remote access connections.To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the For all users option.If you enable this setting, the Rename option is enabled for all-user remote access co ...

oval:org.secpod.oval:def:29304
Turns off Windows Network Isolations automatic proxy discovery in the domain corporate environment.If you enable this policy setting, it turns off Windows Network Isolations automatic proxy discovery in the domain corporate environment. Only proxies configured with Group Policy are authoritative. Th ...

oval:org.secpod.oval:def:29301
Determines whether users can enable\/disable LAN connections.If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable\/disable a LAN connection by double-clicking the icon representing the connection, by rig ...

oval:org.secpod.oval:def:29302
Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (incl ...

oval:org.secpod.oval:def:29307
This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.If you enable this setting, booting to Windows To Go when a ...

oval:org.secpod.oval:def:29308
TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Please enable it if you want to use the APIs.

oval:org.secpod.oval:def:29305
This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected. If you enable t ...

oval:org.secpod.oval:def:29306
Specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.If you disable or dont configure this setting, Windows, when started from a Windows To ...

oval:org.secpod.oval:def:29300
Determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.This setting determines whether the Properties button for components of a LAN connection is enabled.If you enable this setting (and enable the Enable Network Connect ...

oval:org.secpod.oval:def:29378
This policy prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that shipped with the operating system.Note that this does not affect the selection of replacement locales. To prevent the selection of replacement locales, adju ...

oval:org.secpod.oval:def:29379
The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer.If you enable this setting and choose Always from the drop- ...

oval:org.secpod.oval:def:29372
Determines whether nonadministrators can rename a LAN connection.If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.If you disable this setting, the Renam ...

oval:org.secpod.oval:def:29373
Turns off Windows Network Isolations automatic discovery of private network hosts in the domain corporate environment.If you enable this policy setting, it turns off Windows Network Isolations automatic discovery of private network hosts in the domain corporate environment. Only network hosts withi ...

oval:org.secpod.oval:def:29370
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled.If you enable this policy setting and the Retain old events policy setting is enabled, the Event Log file is automatically closed and re ...

oval:org.secpod.oval:def:29371
Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable t ...

oval:org.secpod.oval:def:29376
This policy setting denies write access to custom removable storage classes.If you enable this policy setting, write access will be denied to these removable storage classes.If you disable or do not configure this policy setting, write access will be allowed to these removable storage classes.

oval:org.secpod.oval:def:29377
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).If you enable this policy setting you can specify the servers to which the users fresh credentials can NOT be delegated (fresh credentials are those that you are prompted for when executing the ap ...

oval:org.secpod.oval:def:29374
This policy setting allows you to specify a list of known folders that should be disabled. Disabling a known folder will prevent the underlying file or directory from being created via the known folder API. If the folder exists before the policy is applied, the folder must be manually deleted sinc ...

oval:org.secpod.oval:def:29375
This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.If you enable this policy setting, users must manually select the files they wis ...

oval:org.secpod.oval:def:29369
When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work.This policy setting only effects printing to a Windows print server.If you enable this policy setting on a client machine, the client ...

oval:org.secpod.oval:def:29367
This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy ...

oval:org.secpod.oval:def:29368
This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in o ...

oval:org.secpod.oval:def:29361
This setting determines the behavior of the Windows Error Reporting queue. If Queuing behavior is set to Default, Windows will decide each time a problem occurs whether the report should be queued or the user should be prompted to send it immediately. If Queuing behavior is set to Always queue, a ...

oval:org.secpod.oval:def:29362
Prevents the Tablet PC Input Panel from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or k ...

oval:org.secpod.oval:def:29360
This policy controls the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilityMetrics and Win32_ReliabilityRecords. If this setting is disabled, the Reliability Monitor will not display system reliability information nor will WMI capable applications have access to reliabi ...

oval:org.secpod.oval:def:29365
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.If you disable or do not configure this policy sett ...

oval:org.secpod.oval:def:29366
This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.If you enable this policy setting, user logon scripts will run if ...

oval:org.secpod.oval:def:29363
This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC) ...

oval:org.secpod.oval:def:29364
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).This policy applies when server authentication was achieved via NTLM.If you enable this policy setting you can specify the servers to which the users default credentials can be delegated (default ...

oval:org.secpod.oval:def:29358
This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer.If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specifi ...

oval:org.secpod.oval:def:29359
This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be enabled. Windows will prompt the user with a dialog box when application reinstallati ...

oval:org.secpod.oval:def:29356
This is a machine-specific setting which applies to any user who logs onto the specified machine while this policy is in effect.This policy is in effect when a network folder is determined, as specified by the ?Configure slow-link mode? policy, to be in ?slow-link? mode.For network folders in slow-l ...

oval:org.secpod.oval:def:29357
This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might r ...

oval:org.secpod.oval:def:29350
This policy setting prevents users from making network files and folders available offline.If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated f ...

oval:org.secpod.oval:def:29351
Hides or displays reminder balloons, and prevents users from changing the setting.Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide h ...

oval:org.secpod.oval:def:29354
This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting, write access will be denied to this removable storage class.If you disable or do not configure this policy setting, write access will be allowed to this removable storage class.

oval:org.secpod.oval:def:29355
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives.Additional ...

oval:org.secpod.oval:def:29352
Determines whether offline files are fully synchronized when users log off.This setting also disables the Synchronize all offline files before logging off option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, off ...

oval:org.secpod.oval:def:29353
This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting, read access will be denied to this removable storage class.If you disable or do not configure this policy setting, read access will be allowed to this removable storage class.

oval:org.secpod.oval:def:29347
Determines the execution level for Diagnostic Policy Service (DPS) scenarios.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root cause ...

oval:org.secpod.oval:def:29348
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Kerberos authentication directly.If you enable this policy setting, the Windows Remote Management (WinRM) client will not use Kerberos authentication directly. Kerberos may still be used if the ...

oval:org.secpod.oval:def:29345
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example, if this policy is used to specify a 20 hour detection f ...

oval:org.secpod.oval:def:29346
Determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled.VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.By default, the RPC ...

oval:org.secpod.oval:def:29349
Prevents users from enabling, disabling, or changing the configuration of Offline Files.This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status di ...

oval:org.secpod.oval:def:29340
This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, local users will be able to log on to the local computer, but the Allow domain users to log on using biometrics policy setting will need to be enabled for domain u ...

oval:org.secpod.oval:def:29343
Determines whether users can delete remote access connections.If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the ...

oval:org.secpod.oval:def:29344
Determines whether users can use the New Connection Wizard, which creates new network connections.If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections f ...

oval:org.secpod.oval:def:29341
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled.If you enable this policy setting and the Retain old events policy setting is enabled, the Event Log file is automatically closed and re ...

oval:org.secpod.oval:def:29342
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more perman ...

oval:org.secpod.oval:def:28885
Determines whether users can rename LAN or all user remote access connections.If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu.If you disable this setting (and enable the Enab ...

oval:org.secpod.oval:def:28886
Determines whether users can view the status for an active connection.Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to ...

oval:org.secpod.oval:def:28883
Determines whether users can view and change the properties of components used by a private or all-user remote access connection.This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled.If you enable this setting (and enab ...

oval:org.secpod.oval:def:28884
Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the Only for myself option ...

oval:org.secpod.oval:def:28889
This policy setting allows you to minimize the risk involved when an app launches the default program for a file. Because desktop programs run at a higher integrity level than apps, there is a risk that an app could compromise the system by launching a file in a desktop program. If you enable th ...

oval:org.secpod.oval:def:28887
Ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting, the logon screen will always attempt to load a custom background instead of the Windows-branded logon background. If you disable or do not ...

oval:org.secpod.oval:def:28888
Specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast ...

oval:org.secpod.oval:def:28881
Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.If you enable this setting (and enable the Enable Network Connections se ...

oval:org.secpod.oval:def:28882
Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the For all users option.This setting dete ...

oval:org.secpod.oval:def:28880
This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address(i.e. an IP address in the range 169.254.*.*). Th ...

oval:org.secpod.oval:def:28869
This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.If you enable this policy setting then an optional field that allow ...

oval:org.secpod.oval:def:28874
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.If you enable this policy setting, WER does not throttle data; that is, WER uploads ad ...

oval:org.secpod.oval:def:28875
This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a ...

oval:org.secpod.oval:def:28872
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled.If you enable this policy setting and the Retain old events policy setting is enabled, the Event Log file is automatically closed and re ...

oval:org.secpod.oval:def:28873
This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations.Sett ...

oval:org.secpod.oval:def:28878
Determines whether users can configure advanced TCP\/IP settings.If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), the Advanced button on the Internet Protocol (TCP\/IP) Properties dialog box is disabled for all users (including administrator ...

oval:org.secpod.oval:def:28879
Determines whether users can delete all user remote access connections.To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the For all users option.If you enable this setting, all users can delete shared remote access connections. I ...

oval:org.secpod.oval:def:28876
This entry appears as MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) in the SCE.This entry, when enabled, permits a server to automatically reboot after a fatal crash. It is enabled by default, which is undesirable on ...

oval:org.secpod.oval:def:28877
Determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.If you enable this setting (and enable the Enable Network Connections settings for Administrators setting), the Install and Uninstall buttons ...

oval:org.secpod.oval:def:28870
This policy setting allows you to configure graphics encoding to use the RemoteFX Codec on the Remote Desktop Session Host server so that the sessions are compatible with non-Windows thin client devices designed for Windows Server 2008 R2 SP1. These clients only support the Windows Server 2008 R2 SP ...

oval:org.secpod.oval:def:28871
This policy setting allows you to configure the Family Safety feature.If you enable this policy setting, the Family Safety control panel is visible on a domain joined computer.If you disable or do not configure this policy setting, the Family Safety control panel is not visible on a domain joined co ...

oval:org.secpod.oval:def:28858
Allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.This setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists.When this ...

oval:org.secpod.oval:def:28859
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).This policy applies when server authentication was achieved via a trusted X509 certificate or Kerberos.If you enable this policy setting you can specify the servers to which the users default cred ...

oval:org.secpod.oval:def:28863
Allows you to specify that local computer administrators can supplement the Define Activation Security Check exemptions list.If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application id (appid) in the Define Activation Security Check exemptions policy ...

oval:org.secpod.oval:def:28864
This policy setting allows you to control whether non-administrative users will receive update notifications based on the Configure Automatic Updates policy setting. If you enable this policy setting, Windows Automatic Update and Microsoft Update will include non-administrators when determining ...

oval:org.secpod.oval:def:28861
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).This policy applies when server authentication was achieved via NTLM.If you enable this policy setting you can specify the servers to which the users saved credentials can be delegated (saved cred ...

oval:org.secpod.oval:def:28862
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is allowed to install. Use this policy setting only when the Prevent installation of devices not described by other policy settings policy setting is enabled. Ot ...

oval:org.secpod.oval:def:28867
Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer.By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. Wh ...

oval:org.secpod.oval:def:28868
Requirements: At least Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting, the items Use ...

oval:org.secpod.oval:def:28865
Determines whether the Offline Files feature is enabled.This setting also disables the Enable Offline Files option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.Offline Files saves a copy of network files on the users computer for use when ...

oval:org.secpod.oval:def:28866
Determines whether the computers shared printers can be published in Active Directory.If you enable this setting or do not configure it, users can use the List in directory option in the Printers Properties Sharing tab to publish shared printers in Active Directory.If you disable this setting, this ...

oval:org.secpod.oval:def:28860
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).This policy applies when server authentication was achieved via NTLM.If you enable this policy setting you can specify the servers to which the users fresh credentials can be delegated (fresh cred ...

oval:org.secpod.oval:def:28849
Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. The tolerant gestures let users scratch out ink in Input Panel by using strikethrough and other scratch-out ...

oval:org.secpod.oval:def:28847
Removes the Log Off <username> item from the Start menu and prevents users from restoring it.If you enable this setting, the Log Off <username> item does not appear in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot res ...

oval:org.secpod.oval:def:28848
Adjusts password security settings in Tablet PC Input Panel. These settings include using the on-screen keyboard by default, preventing users from switching to another Input Panel skin (the writing pad or character pad), and not showing what keys are tapped when entering a password.Tablet PC Input P ...

oval:org.secpod.oval:def:28852
This setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a users roaming profile, the profile will be created at the users next login. The profile is created at the location that is specified by the administrator.For the Windows 2000 P ...

oval:org.secpod.oval:def:28853
This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting, remote users will be able to open direct handles to removable storage devices in remote sessions.If you disable or do not configure this policy setting, remote use ...

oval:org.secpod.oval:def:28850
Prevents start of Windows Journal.If you enable this policy, the Windows Journal accessory will not run.If you disable this policy, the Windows Journal accessory will run.If you do not configure this policy, the Windows Journal accessory will run.

oval:org.secpod.oval:def:28851
This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.)In order to view available Web Services printers on ...

oval:org.secpod.oval:def:28856
Allow Automatic Sleep with Open Network Files. If you enable this policy setting, the computer will automatically sleep when network files are open. If you disable this policy setting, the computer will not automatically sleep when network files are open.

oval:org.secpod.oval:def:28857
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This po ...

oval:org.secpod.oval:def:28854
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the clients Third-Party Root ...

oval:org.secpod.oval:def:28855
Allow applications and services to prevent automatic sleep. If you enable this policy setting, any application, service or device driver may prevent Windows from automatically transitioning to sleep after a period of user inactivity.If you disable this policy setting, applications, services or ...

oval:org.secpod.oval:def:28896
Turns off Real-Time Protection prompts for known malware detection.Windows Defender alerts you when spyware or potentially unwanted software attempts to install itself or to run on your computer.If you enable this policy setting, Windows Defender will not prompt users to take actions on malware dete ...

oval:org.secpod.oval:def:28897
Turn off Tablet PC touch inputTurns off touch input, which allows the user to interact with their computer using their finger.If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the ...

oval:org.secpod.oval:def:28894
This policy setting prevents Local Group Policy objects (Local GPOs) from being applied.By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and appl ...

oval:org.secpod.oval:def:28895
This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name, retrieve the corresponding address, and est ...

oval:org.secpod.oval:def:28898
This setting lets you disable the creation of system images. If this setting is enabled, users cannot create system images. If this setting is disabled or not configured, users can create system images.

oval:org.secpod.oval:def:28899
Turns off Windows Defender Real-Time Protection, and no more scans are scheduled.If you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwanted software.If you disable or do not configure this policy setting, by default W ...

oval:org.secpod.oval:def:28892
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28893
Disables Hybrid Sleep.If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By).If you do not configure this policy setting, users can see and change this setting.

oval:org.secpod.oval:def:28890
This policy setting controls the Start background visuals.If you enable this policy setting, the Start background will use a solid color.If you disable or do not configure this policy setting, the Start background will use the default visuals.Note: If this policy setting is enabled, users can contin ...

oval:org.secpod.oval:def:28891
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is available.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. ...

oval:org.secpod.oval:def:28915
Specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the built-in Users group may install on the system.If you enable this setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signe ...

oval:org.secpod.oval:def:28916
This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. If you enable this policy setting, Automatic Updates accepts updates received through an intranet Micr ...

oval:org.secpod.oval:def:28913
Allow Automatic Sleep with Open Network Files. If you enable this policy setting, the computer will automatically sleep when network files are open. If you disable this policy setting, the computer will not automatically sleep when network files are open.

oval:org.secpod.oval:def:28914
This policy setting applies to applications using the Cred SSP component (for example: Terminal Server).This policy applies when server authentication was achieved via a trusted X509 certificate or Kerberos.If you enable this policy setting you can specify the servers to which the users fresh creden ...

oval:org.secpod.oval:def:28919
This policy setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on user is allowed to access removable CD-ROM media. When this policy setting is enabled and no one is logged on interactively ...

oval:org.secpod.oval:def:28917
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to ...

oval:org.secpod.oval:def:28918
This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in ...

oval:org.secpod.oval:def:28922
This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting, users cannot use the Connect to a Network Projector Wizard to connect to a projector. If you disable or do not configure this policy setting, ...

oval:org.secpod.oval:def:28923
Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default, a maximum of twenty reconnection attempts are made at five second intervals.If the status is set to Enabled, automa ...

oval:org.secpod.oval:def:28920
Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to p ...

oval:org.secpod.oval:def:28921
Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the Only for myself option.If you enable this setting ...

oval:org.secpod.oval:def:28904
This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to sha ...

oval:org.secpod.oval:def:28905
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop.If you enable this setting, desktop gadgets will be turned off.If you disable or do not configure this setting, desktop gadgets will be turned on.The default is ...

oval:org.secpod.oval:def:28902
Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it, when users choose to add a network printer by selecting the A network printer, or a printer attached to another computer radio button on Add Printer Wizards page 2, ...

oval:org.secpod.oval:def:28903
Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash.Not all applications support driver isolation. By default, Microsoft Excel ...

oval:org.secpod.oval:def:28908
Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.If you enable this setting, the sy ...

oval:org.secpod.oval:def:28909
If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel.

oval:org.secpod.oval:def:28906
If you enable this setting, the system deletes tile notifications when the user logs off. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs off.If you disab ...

oval:org.secpod.oval:def:28907
Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.If you enable this setting, some of this pop-up text is not displaye ...

oval:org.secpod.oval:def:28911
Remove the user name label from the Start Menu in Windows XP and Windows Server 2003.To remove the user name folder on Windows Vista, set the Remove user folder link from Start Menu policy.

oval:org.secpod.oval:def:28912
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only to the use of the Microsoft recognizers for Chinese (Simplified), Chinese (Traditional), Japanese, and Korean. This setting appears in Input Panel Options only when these i ...

oval:org.secpod.oval:def:28910
This setting affects the presentation of the Start menu.The classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Docume ...

oval:org.secpod.oval:def:28900
This policy setting enables or disables an HTTPS listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986. A listene ...

oval:org.secpod.oval:def:28901
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28959
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28957
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28958
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28962
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28963
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28960
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28961
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28966
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28967
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28964
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28965
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28948
Removes the Settings tab from Display in Control Panel.This setting prevents users from using Control Panel to add, configure, or change the display settings on the computer.

oval:org.secpod.oval:def:28949
This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting, users cannot change or save a theme. Elements of a theme such as the desktop background, window color, sounds, and screen saver can still be changed (unless policies are set to turn them off).If ...

oval:org.secpod.oval:def:28946
Disables the Chat feature of NetMeeting.

oval:org.secpod.oval:def:28947
Disables the Display Control Panel.If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.Also, see the Prohibit access to the Control Panel (User Configuration\Administrative Templates\Cont ...

oval:org.secpod.oval:def:28951
Prevents users from changing the look of their start menu background, such as its color or accent.By default, users can change the look of their start menu background, such as its color or accent.If you enable this setting, the user will not be able to change the look of their start menu background, ...

oval:org.secpod.oval:def:28952
Prevents users from changing the desktop icons.By default, users can use the Desktop Icon Settings dialog in the Personalization or Display Control Panel to show, hide, or change the desktop icons.If you enable this setting, none of the desktop icons can be changed by the user.For systems prior to W ...

oval:org.secpod.oval:def:28950
Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP, this setting disables the Windows and buttons drop-down list on the Appearance tab in Display Properties.When enabled on Windows XP and later systems, this ...

oval:org.secpod.oval:def:28955
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28956
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28953
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28954
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28937
This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page.The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsin ...

oval:org.secpod.oval:def:28938
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28935
This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their ...

oval:org.secpod.oval:def:28936
Prevents users from viewing and changing the properties of an existing task.This setting removes the Properties item from the File menu in Scheduled Tasks and from the context menu that appears when you right-click a task. As a result, users cannot change any properties of a task. They can only see ...

oval:org.secpod.oval:def:28939
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28940
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28941
Specifies whether to disable the administrator rights to customize security permissions in the Remote Desktop Session Host Configuration tool.You can use this setting to prevent administrators from making changes to the user groups on the Permissions tab in the Remote Desktop Session Host Configurat ...

oval:org.secpod.oval:def:28944
Determines if dynamic update is enabled.Computers configured for dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this setting, the computers to which this setting is applied may use dynamic DNS registration on each of their network connecti ...

oval:org.secpod.oval:def:28945
Prevents users from sharing the whole desktop. They will still be able to share individual applications.

oval:org.secpod.oval:def:28942
This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting, non-Enhanced Storage removable devices are not allowed on your computer.If you disable or do not configure this policy setting, non-Enhanced Storage re ...

oval:org.secpod.oval:def:28943
This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Sess ...

oval:org.secpod.oval:def:28926
This policy setting allows you to turn off File History.If you enable this policy setting, File History cannot be activated to create regular, automatic backups.If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.

oval:org.secpod.oval:def:28927
This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.If you enable this policy setting, when the path to a redirected folder is changed fr ...

oval:org.secpod.oval:def:28924
Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note ...

oval:org.secpod.oval:def:28925
This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.If you disable or do not configure this policy setting, file shortcut icons that use remote paths ar ...

oval:org.secpod.oval:def:28928
This policy setting controls whether folders are redirected on a users primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or ...

oval:org.secpod.oval:def:28929
This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine.A shell extension only ru ...

oval:org.secpod.oval:def:28930
This policy setting denies read access to custom removable storage classes.If you enable this policy setting, read access will be denied to these removable storage classes.If you disable or do not configure this policy setting, read access will be allowed to these removable storage classes.

oval:org.secpod.oval:def:28933
Defines whether a domain controller (DC) should attempt to verify with the PDC the password provided by a client if the DC failed to validate the password.Contacting the PDC is useful in case the client?s password was recently changed and did not propagate to the DC yet. Users may want to disable th ...

oval:org.secpod.oval:def:28934
This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting, the Action Center icon is not displayed in the system notification area.If you disable or do not configure this policy setting, the Action Center icon is displayed in the system ...

oval:org.secpod.oval:def:28931
Determines the execution level for Windows System Responsiveness Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows System Responsi ...

oval:org.secpod.oval:def:28932
Determines the execution level for Windows Boot Performance Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance pro ...

oval:org.secpod.oval:def:29390
Makes pen flicks learning mode unavailable.If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in I ...

oval:org.secpod.oval:def:29391
Makes pen flicks and all related features unavailable.If you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon ...

oval:org.secpod.oval:def:29394
This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown.If you disable do not configure this policy setting, feature advertisement balloons are show ...

oval:org.secpod.oval:def:29395
This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpi ...

oval:org.secpod.oval:def:29392
This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting, the networking icon is not displayed in the system notification area.If you disable or do not configure this policy setting, the networking icon is displayed in the system not ...

oval:org.secpod.oval:def:29393
This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting, the volume control icon is not displayed in the system notification area.If you disable or do not configure this policy setting, the volume control icon is displayed in th ...

oval:org.secpod.oval:def:29398
This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting, users are not able to drag or drop toolbars to the taskbar.If you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar.

oval:org.secpod.oval:def:29399
This policy setting allows you to prevent taskbars from being displayed on more than one monitor.If you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog.If you disable or do not conf ...

oval:org.secpod.oval:def:29396
This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel.I ...

oval:org.secpod.oval:def:29397
This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either.If you disable or do not configure this policy setting, the users ...

oval:org.secpod.oval:def:29380
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is ...

oval:org.secpod.oval:def:29389
Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy, applications cannot be launched from a hardware button, and Launch an application is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab) ...

oval:org.secpod.oval:def:29383
Determines the execution level for Windows Resource Exhaustion Detection and Resolution.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Reso ...

oval:org.secpod.oval:def:29384
If you enable this policy setting, the Diagnostic Policy Service (DPS) will detect, troubleshoot and attempt to resolve automatically any heap corruption problems.If you disable this policy setting, Windows will not be able to detect, troubleshoot and attempt to resolve automatically any heap corrup ...

oval:org.secpod.oval:def:29381
This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans.If you enable this setting, synchronization can occur in the background when the users network is roaming, near, or over the plans data limit ...

oval:org.secpod.oval:def:29382
This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer.This policy setting only applies to Enhanced Storage devices that support a Certificate Authentication Silo.If you enable this policy setting, only Enhanced ...

oval:org.secpod.oval:def:29387
This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For ex ...

oval:org.secpod.oval:def:29388
Disables visual pen action feedback, except for press and hold feedback.If you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors.If you disable or do not configure this policy, visu ...

oval:org.secpod.oval:def:29385
Determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting, the scripted diagnostics execution engine will validate the signer of any diagnostic package and only run those signed by trusted publishers.If you disa ...

oval:org.secpod.oval:def:29386
This policy setting enables computers running Windows Vista or Windows Server 2008 to use the slow-link mode of Offline Files (it is enabled by default for computers running Windows 7 or Windows Server 2008 R2). This policy also controls when client computers running Windows 7 or Windows Server 2008 ...

oval:org.secpod.oval:def:29457
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.

oval:org.secpod.oval:def:29458
This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session.If you disable or do not configure this policy ...

oval:org.secpod.oval:def:29455
If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.

oval:org.secpod.oval:def:29456
This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting, a password cannot be used to unlock an Enhanced Storage device.If you disable or do not configure this policy setting, a password can be used to unlock an Enha ...

oval:org.secpod.oval:def:29459
Prevents the snipping tool from running.If you enable this policy setting, the Snipping Tool will not run.If you disable this policy setting, the Snipping Tool will run.If you do not configure this policy setting, the Snipping Tool will run.

oval:org.secpod.oval:def:29450
Specifies whether to prevent the sharing of clipboard contents (clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting clipboard data to and from the remote computer and the local comp ...

oval:org.secpod.oval:def:29453
Flip3D is a 3D window switcher.If you enable this setting, Flip3D will be inaccessible.If you disable or do not configure this policy setting, Flip3D will be accessible, if desktop composition is turned on.Changing this setting will require a logoff for it to be applied.

oval:org.secpod.oval:def:29454
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.

oval:org.secpod.oval:def:29451
Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Servi ...

oval:org.secpod.oval:def:29452
Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the users Windows Marketplace Digital Locker.If you enable this setting, Digita ...

oval:org.secpod.oval:def:29446
This policy setting prevents users from installing any programs from removable media.If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature cannot be found.This policy setting a ...

oval:org.secpod.oval:def:29447
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes duri ...

oval:org.secpod.oval:def:29444
This policy setting turns off Windows presentation settings.If you enable this policy setting, Windows presentation settings cannot be invoked.If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. ...

oval:org.secpod.oval:def:29445
This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then th ...

oval:org.secpod.oval:def:29448
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.

oval:org.secpod.oval:def:29449
This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Re ...

oval:org.secpod.oval:def:29442
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29443
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29440
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29441
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29435
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29436
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29433
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29434
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29439
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29437
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29438
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29431
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29432
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29430
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29419
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.If you d ...

oval:org.secpod.oval:def:29424
This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.

oval:org.secpod.oval:def:29425
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access ...

oval:org.secpod.oval:def:29422
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removabl ...

oval:org.secpod.oval:def:29423
This policy setting denies write access to removable disks.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.Note: To require that users write data ...

oval:org.secpod.oval:def:29428
This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts.If you enable this policy setting, the system displays each instruction i ...

oval:org.secpod.oval:def:29429
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29426
This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command wi ...

oval:org.secpod.oval:def:29427
This policy setting directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.If you enable this policy setting, Windows Explorer does not start until the logon scripts have finished running. This policy setting ens ...

oval:org.secpod.oval:def:29420
This policy setting denies read access to custom removable storage classes.If you enable this policy setting, read access is denied to these removable storage classes.If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.

oval:org.secpod.oval:def:29421
This policy setting denies write access to custom removable storage classes.If you enable this policy setting, write access is denied to these removable storage classes.If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.

oval:org.secpod.oval:def:29490
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.

oval:org.secpod.oval:def:29499
Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality, but older audio hardware may not support it.

oval:org.secpod.oval:def:29493
Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.

oval:org.secpod.oval:def:29494
Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.

oval:org.secpod.oval:def:29491
If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.

oval:org.secpod.oval:def:29492
Allows you to disable Windows Messenger.If you enable this setting, Windows Messenger will not run.If you disable or do not configure this setting, Windows Messenger can be used.Note: If you enable this setting, Remote Assistance also cannot use Windows Messenger.Note: This setting is available unde ...

oval:org.secpod.oval:def:29497
Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications.

oval:org.secpod.oval:def:29498
Disables the audio feature of NetMeeting. Users will not be able to send or receive audio.

oval:org.secpod.oval:def:29495
Prevents users from sharing anything themselves. They will still be able to view shared applications\/desktops from others.

oval:org.secpod.oval:def:29496
Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications.

oval:org.secpod.oval:def:29488
This policy setting turns off Windows Mobility Center.If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.If you disable this policy setting, the user is ab ...

oval:org.secpod.oval:def:29489
If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.

oval:org.secpod.oval:def:29482
Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 8.If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps).If you disable or do not configure this policy setting, the default MXDW output format is OpenXPS ...

oval:org.secpod.oval:def:29483
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purc ...

oval:org.secpod.oval:def:29480
This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items alre ...

oval:org.secpod.oval:def:29481
This policy setting allows you to turn off all notification balloons.If you enable this policy setting, no notification balloons are shown to the user.If you disable or do not configure this policy setting, notification balloons are shown to the user.

oval:org.secpod.oval:def:29486
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29487
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29484
This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.

oval:org.secpod.oval:def:29485
This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.

oval:org.secpod.oval:def:29479
Prevents the snipping tool from running.If you enable this policy setting, the Snipping Tool will not run.If you disable this policy setting, the Snipping Tool will run.If you do not configure this policy setting, the Snipping Tool will run.

oval:org.secpod.oval:def:29477
This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting, execute access will be denied to this removable storage class.If you disable or do not configure this policy setting, execute access will be allowed to this removable storage class.

oval:org.secpod.oval:def:29478
Determines the execution level for Windows Shutdown Performance Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Perform ...

oval:org.secpod.oval:def:29471
Directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all of their functions unless Windows has intern ...

oval:org.secpod.oval:def:29472
The Persistent System Timestamp allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.If you enable this setting, the Persistent System Timestamp will be refreshed according to the Timestamp Interval.If you ...

oval:org.secpod.oval:def:29470
Specifies whether or not the local access only network icon will be shown.When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.If you disable this setting or do not configure it, the local access only icon will ...

oval:org.secpod.oval:def:29475
Enable or disable the Client Side Extension for User State Management. This setting is managed by System Center Configuration Manager

oval:org.secpod.oval:def:29476
Disables the Offline Files folder.This setting disables the View Files button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, ...

oval:org.secpod.oval:def:29473
This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with programs under User Account Control (UAC). If you enable this policy setting, the PCA detects programs that failed to launch child processes that are installers (typically updaters). When this failure ...

oval:org.secpod.oval:def:29474
Prevents the Tablet PC Input Panel from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or k ...

oval:org.secpod.oval:def:29468
Microsoft Windows will always unload the users registry, even if there are any open handles to the per-user registry keys at user logoff. Using this policy setting, an administrator can negate this behavior, preventing Windows from forcefully unloading the users registry at user logoff.Note: This po ...

oval:org.secpod.oval:def:29469
This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settin ...

oval:org.secpod.oval:def:29466
Windows Messenger is automatically loaded and running when a user logs on to a Windows XP computer. You can use this setting to stop Windows Messenger from automatically being run at logon.If you enable this setting, Windows Messenger will not be loaded automatically when a user logs on.If you disab ...

oval:org.secpod.oval:def:29467
Specifies whether Remote Desktop Services retains a users per-session temporary folders at logoff.You can use this setting to maintain a users session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a users tempor ...

oval:org.secpod.oval:def:29460
This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, then BITS jobs on that computer can use Windows Branch Cache by default. If you enable this setting, then the BITS client does ...

oval:org.secpod.oval:def:29461
This setting specifies whether the computer will act as a BITS peercaching client. By default, when BITS peercaching is enabled, the computer acts as both a peercaching server (offering files to its peers) and a peercaching client (downloading files from its peers).If you enable this setting, the co ...

oval:org.secpod.oval:def:29464
Specifies whether Windows Media Center can run.If you enable this setting, Windows Media Center will not run.If you disable or do not configure this setting, Windows Media Center can be run.

oval:org.secpod.oval:def:29465
Prevents Windows Explorer from encrypting files that are moved to an encrypted folder.If you disable this setting or do not configure it, Windows Explorer automatically encrypts files that are moved to an encrypted folder.This setting applies only to files moved within a volume. When files are moved ...

oval:org.secpod.oval:def:29462
This setting specifies whether the computer will act as a BITS peercaching server. By default, when BITS peercaching is enabled, the computer acts as both a peercaching server (offering files to its peers) and a peercaching client (downloading files from its peers).If you enable this setting, the co ...

oval:org.secpod.oval:def:29463
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.If you enable this setting, window animations will be turned off.If you disable or do not configure this setting, window animations will be turned on.Changing this ...

oval:org.secpod.oval:def:28995
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, read access will be denied to this removable storage class.If you disable or do not configure this policy setting, read access will be allowed to this r ...

oval:org.secpod.oval:def:28996
This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read al ...

oval:org.secpod.oval:def:28993
This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail.If you enable or do not config ...

oval:org.secpod.oval:def:28994
This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The c ...

oval:org.secpod.oval:def:28999
This policy setting allows you to enforce or ignore the computers default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting, Windows will ignore the computers default list of blocked TPM commands and will only block those TPM commands specified by Group Policy ...

oval:org.secpod.oval:def:28997
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting, users cannot list or restore previous versions of files on file shares.If you disable this ...

oval:org.secpod.oval:def:28998
This setting determines the behavior of the default consent setting in relation to custom consent settings. If this setting is enabled, the default Consent level setting will always override any other consent setting. If this setting is disabled or not configured, each custom consent setting will d ...

oval:org.secpod.oval:def:28991
Determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this setting, disk quota limits are enforced. If you disable this setting, disk quota limits are not enforced. When you enable or disable the setting, the system disables the Deny disk space ...

oval:org.secpod.oval:def:28992
This setting causes the Windows Installer to enforce strict rules for component upgrades - setting this may cause some updates to fail.If you enable this policy setting strict upgrade rules will be enforced by the Windows Installer. Upgrades can fail if they attempt to do one of the following:(1) Re ...

oval:org.secpod.oval:def:28990
Specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You may want to disable this service if you decide to use a third-party time provider.

oval:org.secpod.oval:def:28979
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28984
This policy setting removes the option to change the users geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting, the user does not see the option to change the GeoID. Thi ...

oval:org.secpod.oval:def:28985
This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting, the user does not see the regional formats options. This does not prevent ...

oval:org.secpod.oval:def:28982
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client co ...

oval:org.secpod.oval:def:28983
This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discove ...

oval:org.secpod.oval:def:28988
This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, the ...

oval:org.secpod.oval:def:28989
This policy setting prevents the Group Policy Client Service from stopping when idle.

oval:org.secpod.oval:def:28986
This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an application from changing the setting programmatically. The insert a space after selecting a text prediction option controls whether or not a space will be inserte ...

oval:org.secpod.oval:def:28987
This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from changing the setting programmatically. The offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the us ...

oval:org.secpod.oval:def:28980
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28981
This policy setting controls the ability to prevent embedded UI.If you enable this policy setting, no packages on the system can run embedded UI.If you disable or do not configure this policy setting, embedded UI is allowed to run.

oval:org.secpod.oval:def:28968
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28969
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28973
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28974
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28971
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28972
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28977
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28978
Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running.

oval:org.secpod.oval:def:28975
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28976
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:28970
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29408
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Micr ...

oval:org.secpod.oval:def:29409
This setting controls the behavior of the Windows Error Reporting archive. If Archive behavior is set to Store all, all data collected for each report will be stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for ...

oval:org.secpod.oval:def:29413
Prevents users from deleting tasks from the Scheduled Tasks folder.This setting removes the Delete command from the Edit menu in the Scheduled Tasks folder and from the menu that appears when you right-click a task. Also, the system does not respond when users try to cut or drag a task from the Sche ...

oval:org.secpod.oval:def:29414
This policy determines if v4 printer drivers are allowed to run printer extensions. V4 printer drivers may include an optional, customized user interface known as a printer extension. These extensions may provide access to more device features, but this may not be appropriate for all enterpri ...

oval:org.secpod.oval:def:29411
This setting removes the Open advanced properties for this task when I click Finish checkbox from the last page of the Scheduled Task Wizard. This policy is only designed to simplify task creation for beginning users.The checkbox, when checked, instructs Task Scheduler to automatically open the new ...

oval:org.secpod.oval:def:29412
Prevents users from creating new tasks.This setting removes the Add Scheduled Task item that starts the New Task Wizard. Also, the system does not respond when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder.Note: This setting appears in the Computer Configura ...

oval:org.secpod.oval:def:29417
This setting prevents users from accessing the Turn Windows features on or off task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services.If this setting is ...

oval:org.secpod.oval:def:29418
This setting prevents users from access the Get new programs from Windows Marketplace task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs.Windows Marketplace allows users to purchase and\/or download various programs to their computer for in ...

oval:org.secpod.oval:def:29415
Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the Get Programs page from the Programs Control Panel in Category View, Programs and Features in Classic View and the Install a program from the netowrk task. The Get Programs ...

oval:org.secpod.oval:def:29416
This setting prevents users from accessing Installed Updates page from the View installed updates task.Installed Updates allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.I ...

oval:org.secpod.oval:def:29410
Turns off Tablet PC hardware buttons.If you enable this policy, no actions will occur when the buttons are pressed, and the buttons tab in Tablet PC Control Panel will be removed.If you disable this policy, user and OEM defined button actions will occur when the buttons are pressed.If you do not con ...

oval:org.secpod.oval:def:29402
This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips.If you disable or do not configure this policy setting, the taskbar thumbnails are displayed.

oval:org.secpod.oval:def:29403
Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.This setting disables the Cut, Copy, Paste, and Paste Shortcut items on the context menu and the Edit menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks f ...

oval:org.secpod.oval:def:29400
This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar.If you disable or do not configure this policy setting, users can pin programs so that ...

oval:org.secpod.oval:def:29401
This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s).If you disable or do not configure this policy setting, users are able to drag their taskb ...

oval:org.secpod.oval:def:29406
Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation security check. DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. DCOM ignor ...

oval:org.secpod.oval:def:29407
This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting, machine administrator\/backup operator cannot use Windows Server Backup to run backups to a locally attached storage or disk.If you disable or do not co ...

oval:org.secpod.oval:def:29404
Prevents users from starting and stopping tasks manually.This setting removes the Run and End Task items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.Note: This setting appears in the Com ...

oval:org.secpod.oval:def:29405
Extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable this setting or do not configure it, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. Note: When this setting is applied, the computer will apply the ...

oval:org.secpod.oval:def:29578
This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.Note: If you want to limit the size of an individual user profile, use the ...

oval:org.secpod.oval:def:29579
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting, the Windows RSS Platform authenticates feeds to servers by using the Basic authentication scheme in combination with a les ...

oval:org.secpod.oval:def:29576
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.If you enable this policy setting, interactive users cannot generate RSoP data.If you disable or do not ...

oval:org.secpod.oval:def:29577
This policy setting allows you to manage whether Windows marks file attachments from Internet Explorer or Microsoft Outlook? Express with information about their zone of origin (such as restricted, Internet, intranet, or local). This policy setting requires that files be downloaded to NTFS disk part ...

oval:org.secpod.oval:def:29570
This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.By default, Remote Desktop Services allows redirection of supported Plug and Play devices. Users can use the Mor ...

oval:org.secpod.oval:def:29571
This policy will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy allows the administrator to disable this ...

oval:org.secpod.oval:def:29574
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29575
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29572
Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings.

oval:org.secpod.oval:def:29573
This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcu ...

oval:org.secpod.oval:def:29567
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29568
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desk ...

oval:org.secpod.oval:def:29565
Limits newly scheduled to items on the users Start menu, and prevents the user from changing the scheduled program for existing tasks.This setting removes the Browse button from the Schedule Task Wizard and from the Task tab of the properties dialog box for a task. Also, users cannot edit the Run bo ...

oval:org.secpod.oval:def:29566
This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script.If you enable this policy setting, the system displays each instru ...

oval:org.secpod.oval:def:29569
Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files

oval:org.secpod.oval:def:29560
This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which th ...

oval:org.secpod.oval:def:29563
This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users File ...

oval:org.secpod.oval:def:29564
Prevents press and hold actions on hardware buttons, so that only one action is available per button.If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: Some settings are controlled by Group Policy. If a setting is ...

oval:org.secpod.oval:def:29561
This policy setting controls the use of fast startup. If you enable this policy setting, the system requires hibernate to be enabled.If you disable or do not configure this policy setting, the local setting is used.

oval:org.secpod.oval:def:29562
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting, users cannot see any previous versions corr ...

oval:org.secpod.oval:def:29556
This policy setting allows you to enforce or ignore the computers local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting, Windows will ignore the computers local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or t ...

oval:org.secpod.oval:def:29557
This policy setting prevents redirection of specific USB devices.If you enable this setting, an alternate driver for the USB device cannot be loaded.If you disable or do not configure this setting, an alternate driver for the USB device can be loaded.

oval:org.secpod.oval:def:29554
This setting determines whether offline files are encrypted.Offline files reside on a users hard drive, not the network, and they are stored in a local cache on the computer. Encrypting this cache enhances security on a local computer. If the cache on the local computer is not encrypted, any encrypt ...

oval:org.secpod.oval:def:29555
This is a setting for computers with more than one UI language installed. If you enable this setting, the UI language of Windows menus and dialogs language for systems with more than one language will follow the language specified by the administrator as the system UI languages. The user UI languag ...

oval:org.secpod.oval:def:29558
This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection ...

oval:org.secpod.oval:def:29559
This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop licen ...

oval:org.secpod.oval:def:29552
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can be opened. Disabled by default.

oval:org.secpod.oval:def:29553
This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically. The highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted. If the p ...

oval:org.secpod.oval:def:29550
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29551
Prevents users from changing the mouse pointers.By default, users can use the Pointers tab in the Mouse Control Panel to add, remove, or change the mouse pointers.If you enable this setting, none of the mouse pointer scheme settings can be changed by the user.

oval:org.secpod.oval:def:29545
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29546
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29543
Prevents users from adding or changing the background design of the desktop.By default, users can use the Desktop Background page in the Personalization or Display Control Panel to add a background design (wallpaper) to their desktop.If you enable this setting, none of the Desktop Background setting ...

oval:org.secpod.oval:def:29544
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29549
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29547
Permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed b ...

oval:org.secpod.oval:def:29548
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29541
Prevents users from changing the way calls are placed, either directly or via a gatekeeper server.

oval:org.secpod.oval:def:29542
This setting forces the theme color scheme to be the default color scheme.If you enable this setting, a user cannot change the color scheme of the current desktop theme.If you disable or do not configure this setting, a user may change the color scheme of the current desktop theme.For Windows 7 and ...

oval:org.secpod.oval:def:29540
Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it.

oval:org.secpod.oval:def:29598
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29599
This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged ...

oval:org.secpod.oval:def:29592
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29593
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29590
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29591
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29596
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29597
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29594
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29595
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29589
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29587
Permits or prohibits use of this snap-in.If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.If this setting is not configured, the setting of the Restrict users to the explicitly permitted list of snap-ins setting determines whether this snap- ...

oval:org.secpod.oval:def:29588
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29581
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting, the user cannot access the feed list in the Favorites Center.If you disable or do not configure this policy setting, t ...

oval:org.secpod.oval:def:29582
This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.Warning: When a domain does not support Kerberos armoring by enabling Support Dynamic Access Control and Kerberos armoring, then all authentication for all ...

oval:org.secpod.oval:def:29580
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the users computer.If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download set ...

oval:org.secpod.oval:def:29585
This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. If you di ...

oval:org.secpod.oval:def:29586
This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos, and to view and record live television.If you enable this policy setting, Windows Media Center will not run.If ...

oval:org.secpod.oval:def:29583
This policy setting allows you to disable revocation check for the SSL certificate of the KDC proxy server being connected to.If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used ...

oval:org.secpod.oval:def:29584
This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication re ...

oval:org.secpod.oval:def:29529
Specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services al ...

oval:org.secpod.oval:def:29534
This policy setting turns off tile notifications. If you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen. If you disable or do not configure this policy setting, tile and badge notifications are ...

oval:org.secpod.oval:def:29535
Do Not Show First Use Dialog BoxesThis policy prevents the Privacy Options and Installation Options dialog boxes from being displayed the first time a user starts Windows Media Player.This policy prevents the dialog boxes which allow users to select privacy, file types, and other desktop options fro ...

oval:org.secpod.oval:def:29532
Prevents start of Windows Journal.If you enable this policy, the Windows Journal accessory will not run.If you disable this policy, the Windows Journal accessory will run.If you do not configure this policy, the Windows Journal accessory will run.

oval:org.secpod.oval:def:29533
This setting disables the more secure default setting for the user?s roaming user profile folder.Once an administrator has configured a users roaming profile, the profile will be created at the users next login. The profile is created at the location that is specified by the administrator.For Window ...

oval:org.secpod.oval:def:29538
Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference.

oval:org.secpod.oval:def:29539
Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.

oval:org.secpod.oval:def:29536
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service.If the status is set to Enabled, the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deploy ...

oval:org.secpod.oval:def:29537
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless W ...

oval:org.secpod.oval:def:29530
Prevents printing to Journal Note Writer.If you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.If you disable this policy, you will be able to use this feature ...

oval:org.secpod.oval:def:29531
Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting, Sound Recorder will not run.If you disable or ...

oval:org.secpod.oval:def:29518
This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting, users are not be able to resize their taskbar.If you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting.

oval:org.secpod.oval:def:29519
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.If you d ...

oval:org.secpod.oval:def:29523
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29524
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29521
This policy setting denies read access to removable disks.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.

oval:org.secpod.oval:def:29522
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write acc ...

oval:org.secpod.oval:def:29527
If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break ...

oval:org.secpod.oval:def:29528
This policy setting controls the ability to change the color of window frames.If you enable this policy setting, you prevent users from changing the default window frame color.If you disable or do not configure this policy setting, you allow users to change the default window frame color.Note: This ...

oval:org.secpod.oval:def:29525
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29526
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29520
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable s ...

oval:org.secpod.oval:def:29509
Prevents users from sending files to others in a conference.

oval:org.secpod.oval:def:29507
Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always.

oval:org.secpod.oval:def:29508
Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an ad ...

oval:org.secpod.oval:def:29512
This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, ...

oval:org.secpod.oval:def:29513
This policy setting allows you to configure the recovery behavior for corrupted files to one of three states:Regular: Detection, troubleshooting, and recovery of corrupted files will automatically start with a minimal UI display. Windows will attempt to present you with a dialog box when a system re ...

oval:org.secpod.oval:def:29510
Prevents users from viewing directories as Web pages in a browser.

oval:org.secpod.oval:def:29511
This policy setting controls the default Control Panel view, whether by category or icons. If this policy setting is enabled, the Control Panel opens to the icon view.If this policy setting is disabled, the Control Panel opens to the category view.If this policy setting is not configured, the Contro ...

oval:org.secpod.oval:def:29516
This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting, the battery meter is not displayed in the system notification area.If you disable or do not configure this policy setting, the battery meter is displayed in the system notificat ...

oval:org.secpod.oval:def:29517
This policy setting allows you to lock all taskbar settings.If you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar.If you disable or do not configure this policy setting, the user will be abl ...

oval:org.secpod.oval:def:29514
Determines the execution level for Windows Standby\/Resume Performance Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby\/ ...

oval:org.secpod.oval:def:29515
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior.If you enable this policy, a button assigned to Back will not map to ESC.If you disable this policy, Back->ESC mapping will occur.If you do not configure this policy, ...

oval:org.secpod.oval:def:29501
Prevents users from sending video if they have the hardware. Users will still be able to receive video from others.

oval:org.secpod.oval:def:29502
Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.

oval:org.secpod.oval:def:29500
Prevents users from receiving video. Users will still be able to send video provided they have the hardware.

oval:org.secpod.oval:def:29505
Disables the T.126 whiteboard feature of NetMeeting.

oval:org.secpod.oval:def:29506
Configures NetMeeting to download settings for users each time it starts.The settings are downloaded from the URL listed in the Configuration URL: text box.Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL.

oval:org.secpod.oval:def:29503
Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings.

oval:org.secpod.oval:def:29504
Make the automatic acceptance of incoming calls persistent.

oval:org.secpod.oval:def:29699
This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.If you enable this policy setting, the system records an event when the user reaches their limit. ...

oval:org.secpod.oval:def:29697
This setting controls automatic updates to a users computer.Whenever a user connects to the Internet, Windows searches for updates available for the software and hardware on their computer and automatically downloads them. This happens in the background, and the user is prompted when downloaded comp ...

oval:org.secpod.oval:def:29698
This policy setting allows you to manage whether the Install Updates and Shut Down option is allowed to be the default choice in the Shut Down Windows dialog.If you enable this policy setting, the users last shut down choice (Hibernate, Restart, etc.) is the default option in the Shut Down Windows d ...

oval:org.secpod.oval:def:29691
Controls whether a user can save passwords using Remote Desktop Connection.If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and sav ...

oval:org.secpod.oval:def:29692
This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user ...

oval:org.secpod.oval:def:29690
Microsoft recommends that you use this setting, if appropriate to your environment and your organizations business requirements, to help protect end user computers. This policy setting specifies a text message that displays to users when they log on.

oval:org.secpod.oval:def:29695
This policy setting allows you to prevent radio station presets from being retrieved from the Internet.If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exis ...

oval:org.secpod.oval:def:29696
This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting, Windows Messenger does not run.If you disable or do not configure this policy setting, Windows Messenger can be used.Note: If you enable this policy setting, Remote Assistance also cannot use ...

oval:org.secpod.oval:def:29693
This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.If you enable this policy setting, select one of the following proxy types:- Autodetect: the proxy settings are automatically detected.- Custom: unique proxy settings are used.- Use browser proxy settings: bro ...

oval:org.secpod.oval:def:29694
This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using In ...

oval:org.secpod.oval:def:29688
This setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default, when a roaming profile user logs on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in ...

oval:org.secpod.oval:def:29689
This policy setting determines whether the Lightweight Directory Access Protocol (LDAP) server requires LDAP clients to negotiate data signing.

oval:org.secpod.oval:def:29686
By enabling the policy, Administrators hide the Switch user button in the Logon UI, the Start menu and the Task Manager.

oval:org.secpod.oval:def:29687
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29680
Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users cannot start Control Panel or PC settings, or run any of their items.This setting removes Contr ...

oval:org.secpod.oval:def:29681
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29684
Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default.

oval:org.secpod.oval:def:29685
Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor. Administrators might want to use this if they are concerned about the amount of space used on the system volume of a DC.By default, when you start the Group Policy ...

oval:org.secpod.oval:def:29682
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29683
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29677
This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played.- Custom: the number of second ...

oval:org.secpod.oval:def:29678
This policy setting allows a screen saver to interrupt playback.If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver duri ...

oval:org.secpod.oval:def:29675
Windows Mail will not check your newsgroup servers for Communities support.

oval:org.secpod.oval:def:29676
This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.If you enable this policy setting, select one of the following proxy types:- Autodetect: the proxy settings are automatically detected.- Custom: unique proxy settings are used.If the Custom proxy type is selec ...

oval:org.secpod.oval:def:29679
Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.

oval:org.secpod.oval:def:29670
This setting lets you disable the creation of system images. If you enable this policy setting, users cannot create system images. If you disable or do not configure this policy setting, users can create system images.

oval:org.secpod.oval:def:29673
This policy setting prevents clients from connecting to Mobile Broadband networks when the client is registered on a roaming provider network. If this policy setting is enabled, all automatic and manual connection attempts to roaming provider networks are blocked until the client registers wit ...

oval:org.secpod.oval:def:29674
This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.If you disable or do not configure this policy setting, all users can install new color ...

oval:org.secpod.oval:def:29671
This policy setting controls on a per-computer basis whether roaming profiles are downloaded on a users primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such ...

oval:org.secpod.oval:def:29672
This policy setting specifies that power management is disabled when the machine enters connected standby mode. If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode. If this ...

oval:org.secpod.oval:def:29666
This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all stan ...

oval:org.secpod.oval:def:29667
This setting lets you prevent users from selecting a local disk (internal or external) for storing backups. If you enable this policy setting, users are prevented from selecting a local disk as a backup location. If you disable or do not configure this policy setting, users can select a local disk a ...

oval:org.secpod.oval:def:29664
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting, only the default client printer is redirected in Remote Desktop Services sessions.If you disable or do not configure this ...

oval:org.secpod.oval:def:29665
Turn off Tablet PC touch inputTurns off touch input, which allows the user to interact with their computer using their finger.If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the ...

oval:org.secpod.oval:def:29668
This policy setting lets you prevent users from selecting optical media (CD\/DVD) for storing backups. If you enable this policy setting, users are blocked from selecting optical media as a backup location. If you disable or do not configure this policy setting, users can select optical media as a b ...

oval:org.secpod.oval:def:29669
This setting lets you disable the data file backup functionality. If you enable this policy setting, users cannot back up data files. If you disable or do not configure this policy setting, users can back up data files.

oval:org.secpod.oval:def:29662
This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits fo ...

oval:org.secpod.oval:def:29663
This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is t ...

oval:org.secpod.oval:def:29660
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install al ...

oval:org.secpod.oval:def:29661
Configures Remote Desktop Services to run a specified program automatically upon connection.You can use this setting to specify a program to run automatically when a user logs on to a remote computer.By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless othe ...

oval:org.secpod.oval:def:29608
This policy prevents a shortcut for the Player from being added to the Quick Launch bar.When this policy is not configured or disabled, the user can choose whether to add the shortcut for the Player to the Quick Launch bar.

oval:org.secpod.oval:def:29609
Prevents video smoothing from occurring.This policy prevents video smoothing, which can improve video playback on computers with limited resources, from occurring. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not availab ...

oval:org.secpod.oval:def:29606
Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy, applications cannot be launched from a hardware button, and Launch an application is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab) ...

oval:org.secpod.oval:def:29607
Prevents press and hold actions on hardware buttons, so that only one action is available per button.If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: Some settings are controlled by Group Policy. If a setting is ...

oval:org.secpod.oval:def:29611
Determines whether the DNS client performs primary DNS suffix devolution in a name resolution process.When a user submits a query for a single-label name, such as example, a local DNS client attaches a suffix, such as microsoft.com, resulting in the query example.microsoft.com, before sending the qu ...

oval:org.secpod.oval:def:29612
This policy setting determines whether a portable computer can be undocked if the user does not log on to the system. Enable this policy setting to eliminate a Logon requirement and allow use of an external hardware eject button to undock the computer. If you disable this policy setting, a user must ...

oval:org.secpod.oval:def:29610
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.When this policy is enabled, programs are not able to acquire licenses ...

oval:org.secpod.oval:def:29615
Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer instead of a Graphics Processing Unit (GPU) to rasterize pages.On machines with an ARM processor, this policy setting is ignored by the XPS Rasterization Service and the XPS-to- ...

oval:org.secpod.oval:def:29616
This setting prevents users from accessing Programs and Features to view, uninstall, change, or repair programs that are currently installed on the computer.If this setting is disabled or not configured, Programs and Features will be available to all users.This setting does not prevent users from us ...

oval:org.secpod.oval:def:29613
This policy setting determines whether members of the Server Operators group are allowed to submit jobs by means of the AT schedule facility. The impact of this policy setting configuration should be small for most organizations. Users, including those in the Server Operators group, will still be ab ...

oval:org.secpod.oval:def:29614
This security setting is to support clients running a version of Windows prior to Windows 8 that are trying to access a file share that requires user claims. This setting determines whether the local file server will attempt to use Kerberos Service-For-User-To-Self (S4U2Self) functionality to obtain ...

oval:org.secpod.oval:def:29600
This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility.If you enable this policy setting, the print spooler w ...

oval:org.secpod.oval:def:29601
Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. ...

oval:org.secpod.oval:def:29604
This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting, Windows Error Reporting prevents the display of the user interface for critical errors.If you disable or do not configure this policy setting, Windows Error Reporting displays the us ...

oval:org.secpod.oval:def:29605
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel tab will not appear on ...

oval:org.secpod.oval:def:29602
This setting lets you prevent users from selecting a network location for storing backups.If this setting is enabled, users will be blocked from selecting a network location as a backup location.If this setting is disabled or not configured, users can select a network location as a backup location.

oval:org.secpod.oval:def:29603
This policy prevents a shortcut icon for the Player from being added to the users desktop.When this policy is not configured or disabled, users can choose whether to add the Player shortcut icon to their desktops.

oval:org.secpod.oval:def:29655
This policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller. This policy does not affect interactive logon to this domain controller.

oval:org.secpod.oval:def:29656
This policy setting determines whether users private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password?distinct from their domain password?every time that they use a key, then it will be more difficult for an at ...

oval:org.secpod.oval:def:29653
This policy setting allows you to create an exception list of servers in this domain to which clients are allowed to use NTLM pass-through authentication if the Network Security: Restrict NTLM: Deny NTLM authentication in this domain is set.The naming format for servers on this exception list is the ...

oval:org.secpod.oval:def:29654
This policy setting allows you to audit NTLM authentication in a domain from this domain controller.This policy is supported on at least Windows Server 2008 R2.Note: Audit events are recorded on this computer in the Operational Log located under the Applications and Services Log\/Microsoft\/Windows\ ...

oval:org.secpod.oval:def:29659
This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.If you disable or do not configure this policy setting, Remote Desktop Protocol traffic ...

oval:org.secpod.oval:def:29657
If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients wil ...

oval:org.secpod.oval:def:29658
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the clients Third-Party Root Certifi ...

oval:org.secpod.oval:def:29651
Restricts package point and print to approved servers.This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the Point and Print Restrictions policy that governs the b ...

oval:org.secpod.oval:def:29652
This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy setting is configured.The naming format for servers on this exception list is t ...

oval:org.secpod.oval:def:29650
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29639
This policy setting removes the option to change the users menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting, the user does not see the option for chan ...

oval:org.secpod.oval:def:29644
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by readi ...

oval:org.secpod.oval:def:29645
Determines whether the system retains a roaming user?s Windows Installer and Group Policy based software installation data on their profile deletion.By default User profile deletes all information related to a roaming user (which includes the user?s settings, data, Windows Installer related data etc ...

oval:org.secpod.oval:def:29642
Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through ...

oval:org.secpod.oval:def:29643
This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, execute access will be denied to this removable storage class.If you disable or do not configure this policy setting, execute access will be allowed ...

oval:org.secpod.oval:def:29648
Permits or prohibits use of this snap-in.If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.If this setting is not configured, the setting of the Restrict users to the explicitly permitted list of snap-ins setting determines whether this snap- ...

oval:org.secpod.oval:def:29649
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29646
This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.If you enable this policy sett ...

oval:org.secpod.oval:def:29647
Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computers printers.The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a c ...

oval:org.secpod.oval:def:29640
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales, ...

oval:org.secpod.oval:def:29641
This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting, you can create all new Group Policy object links in the disabled state by default. After you configure and test the new object links by using a policy compliant Group Policy manag ...

oval:org.secpod.oval:def:29628
Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.

oval:org.secpod.oval:def:29629
Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.

oval:org.secpod.oval:def:29633
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29634
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29631
Prevents users from receiving files from others in a conference.

oval:org.secpod.oval:def:29632
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29637
Prevents users from changing the sound scheme.By default, users can use the Sounds tab in the Sound Control Panel to add, remove, or change the system Sound Scheme.If you enable this setting, none of the Sound Scheme settings can be changed by the user.

oval:org.secpod.oval:def:29638
This policy setting controls the ability to turn off shared components.If you enable this policy setting, no packages on the system get the shared component functionality enabled by the msidbComponentAttributesShared attribute in the Component Table.If you disable or do not configure this policy set ...

oval:org.secpod.oval:def:29635
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29636
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29630
Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.

oval:org.secpod.oval:def:29619
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29617
This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.

oval:org.secpod.oval:def:29618
Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.If you enable this policy setting, no access is allowed to any removable storag ...

oval:org.secpod.oval:def:29622
If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed.

oval:org.secpod.oval:def:29623
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.

oval:org.secpod.oval:def:29620
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29621
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29626
This setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not effect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely ...

oval:org.secpod.oval:def:29627
Enables and disables disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.If you enable this setting, disk quota management is enabled, and users cannot disable it.If you disable the setting, disk quota management is disabled, and users cannot enabl ...

oval:org.secpod.oval:def:29624
If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the Do not allow sessions without mutual CHAP setting is enabled th ...

oval:org.secpod.oval:def:29625
This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications fr ...

oval:org.secpod.oval:def:29798
If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.

oval:org.secpod.oval:def:29799
Enabling this policy removes the option of searching the Web from Windows Desktop Search.When this policy is disabled or not configured, the Web option is available and users can search the Web via their default browser search engine.

oval:org.secpod.oval:def:29796
This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting, Windows Search is prevented from automatically adding shared folders to the index. Windows Search does not automatically add shares created on the computer to the scope of the ...

oval:org.secpod.oval:def:29797
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expe ...

oval:org.secpod.oval:def:29790
This policy setting hides or displays the Advanced Options dialog for Search and Indexing Options in the Control Panel.If you enable this policy setting, the Advanced Options dialog for Search and Indexing Options in the Control Panel cannot be opened.If you disable or do not configure this policy s ...

oval:org.secpod.oval:def:29791
This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting, the system displays status messages that reflect each step in the process of starting, shutting down, l ...

oval:org.secpod.oval:def:29794
Prevent the browser group from syncing to and from this PC. This turns off and disables the browser group on the sync your settings page in PC settings. The browser group contains settings and info like history and favorites.If you enable this policy setting, the browser group, including info like ...

oval:org.secpod.oval:def:29795
Prevent the personalize group from syncing to and from this PC. This turns off and disables the personalize group on the sync your settings page in PC settings.If you enable this policy setting, the personalize group will not be synced.Use the option Allow users to turn personalize syncing on so th ...

oval:org.secpod.oval:def:29792
This policy setting allows users to patch elevated products.If you enable this policy setting, all users are permitted to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have ch ...

oval:org.secpod.oval:def:29793
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is ...

oval:org.secpod.oval:def:29787
This policy setting controls configuring the devices Active Directory account for compound authentication.Support for providing compound authentication which is used for access control will require enough domain controllers in the resource account domains to support the requests. The Domain Administ ...

oval:org.secpod.oval:def:29788
This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.If you enable this policy setting, client computers that support claims and compound authentication for Dynamic ...

oval:org.secpod.oval:def:29785
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.If you enable this policy setting, interactive users cannot generate RSoP data.If you disable or do not ...

oval:org.secpod.oval:def:29786
This policy setting determines whether removable floppy media are accessible to both local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on user is allowed to access removable floppy media. If this policy setting is enabled and no one is logged on ...

oval:org.secpod.oval:def:29789
Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used for Active Directory.

oval:org.secpod.oval:def:29780
This setting allows you to remove access to Windows Update.If you enable this setting, all Windows Update features are removed. This includes blocking access to the Windows Update Web site at http:\/\/windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the T ...

oval:org.secpod.oval:def:29783
This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting, the Netlogon share will honor file sharing semantics that gr ...

oval:org.secpod.oval:def:29784
This policy setting allows you to control whether a domain user can sign in using a picture password.If you enable this policy setting, a domain user cant set up or sign in with a picture password. If you disable or dont configure this policy setting, a domain user can set up and use a picture passw ...

oval:org.secpod.oval:def:29781
This policy setting turns off toast notifications.If you enable this policy setting, applications and system features will not be able to raise toast notifications. Note that this policy does not affect taskbar notification balloons.If you disable or do not configure this policy setting, toast notif ...

oval:org.secpod.oval:def:29782
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.

oval:org.secpod.oval:def:29729
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior.If you enable this policy, a button assigned to Back will not map to ESC.If you disable this policy, Back->ESC mapping will occur.If you do not configure this policy, ...

oval:org.secpod.oval:def:29727
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29728
This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed.If you disable this policy s ...

oval:org.secpod.oval:def:29732
Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available.This setting prevents users from using Control Panel to change the window border and taskbar color (on ...

oval:org.secpod.oval:def:29733
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29730
This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide t ...

oval:org.secpod.oval:def:29731
Microsoft recommends that you use this setting, if appropriate to your environment and your organizations business requirements, to help protect end user computers. This policy setting allows text to be specified in the title bar of the window that users see when they log on to the system.

oval:org.secpod.oval:def:29736
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29737
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29734
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29735
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29718
Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamle ...

oval:org.secpod.oval:def:29719
This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting, users cannot change their GeoID.If you disable or do not configure this policy setting, users may select any GeoID.If you enable this policy setting at the computer level, it ...

oval:org.secpod.oval:def:29716
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29717
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29721
Specifies whether the Windows NTP Server is enabled. Enabling the Windows NTP Server allows your computer to service NTP requests from other machines.

oval:org.secpod.oval:def:29722
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, write access will be denied to this removable storage class.If you disable or do not configure this policy setting, write access will be allowed to thi ...

oval:org.secpod.oval:def:29720
This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Softwar ...

oval:org.secpod.oval:def:29725
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29726
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29723
This policy setting prevents redirection of USB devices.If you enable this setting, an alternate driver for USB devices cannot be loaded.If you disable or do not configure this setting, an alternate driver for USB devices can be loaded.

oval:org.secpod.oval:def:29724
Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.As a result, users cannot create console files o ...

oval:org.secpod.oval:def:29707
Prevent the passwords group from syncing to and from this PC. This turns off and disables the passwords group on the sync your settings page in PC settings.If you enable this policy setting, the passwords group will not be synced.Use the option Allow users to turn passwords syncing on so that synci ...

oval:org.secpod.oval:def:29708
This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.If you enable this policy setting, Folder Redirection creates a temporary file in the old loca ...

oval:org.secpod.oval:def:29705
This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. If you enable this policy setting, the client computers will request claims, provide ...

oval:org.secpod.oval:def:29706
Prevent the desktop personalization group from syncing to and from this PC. This turns off and disables the desktop personalization group on the sync your settings page in PC settings.If you enable this policy setting, the desktop personalization group will not be synced.Use the option Allow users ...

oval:org.secpod.oval:def:29709
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default, when a computer (or the DC Locator running on a computer, to be more specific) needs to locate a domain controller hosting an Active Directory d ...

oval:org.secpod.oval:def:29710
Prevents users from changing the size of the font in the windows and buttons displayed on their screens.If this setting is enabled, the Font size drop-down list on the Appearance tab in Display Properties is disabled. If you disable or do not configure this setting, a user may change the font size u ...

oval:org.secpod.oval:def:29711
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29714
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29715
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29712
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29713
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29700
This policy setting defines whether Wi-Fi hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.If a Wi-Fi hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. If authentication is successful, users will be c ...

oval:org.secpod.oval:def:29703
This policy setting allows you to prevent AutoPlay from remembering users choice of what to do when a device is connected. If you enable this policy setting, AutoPlay prompts the user to choose what to do when a device is connected. If you disable or do not configure this policy se ...

oval:org.secpod.oval:def:29704
This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such ...

oval:org.secpod.oval:def:29701
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more perman ...

oval:org.secpod.oval:def:29702
This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registra ...

oval:org.secpod.oval:def:29776
This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.This policy is supported on at least Windows 7 or Windows Server 2008 R2.Note: Audit and block events are recorded on this computer in the Op ...

oval:org.secpod.oval:def:29777
This setting lets you prevent users from running the Backup Status and Configuration program, which links to the file backup, file restore, and Complete PC Backup applications, and shows backup status. If you enable this policy setting, users cannot start the Backup Status and Configuration program. ...

oval:org.secpod.oval:def:29774
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29775
This policy restricts clients computers to use package point and print only.If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are ...

oval:org.secpod.oval:def:29778
This policy setting sets the maximum size of each user profile and determines the systems response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.If you disable this policy setting or do not configure it, the system does not limit the size o ...

oval:org.secpod.oval:def:29779
This policy setting allows you to hide the Network tab.If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player.If you disable or do not configure this policy set ...

oval:org.secpod.oval:def:29773
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.Users can still display the welcome screen by sel ...

oval:org.secpod.oval:def:29770
This policy will enable the Enhanced Storage device to be locked when the computer is locked.This policy is supported in Windows Enterprise and Business SKUs only.If you enable this policy setting, the Enhanced Storage device will remain locked when the computer is locked.If you disable or do not co ...

oval:org.secpod.oval:def:29771
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting, the user does not receive a notification on the toolbar that a feed or Web Slice is available.If you disable o ...

oval:org.secpod.oval:def:29765
This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Intern ...

oval:org.secpod.oval:def:29766
This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box.If you enable this policy setting, Install Updates and Shut Down will not appear as a choice in the Shut Down Windows dialog box, even if updates are available f ...

oval:org.secpod.oval:def:29763
Prevents the anchor window from being displayed when Windows Media Player is in skin mode.This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.When ...

oval:org.secpod.oval:def:29764
This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve ...

oval:org.secpod.oval:def:29769
This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting, the Browse button in the Use feature from dialog box is enabled. As a result, users can search for installation files even when the installation program is running wit ...

oval:org.secpod.oval:def:29767
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.If enabled, a notification popup will be displayed to the user when the user logs on with cached credential ...

oval:org.secpod.oval:def:29768
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting does not affect foreground transfers.) You can specify a limit to use during a specific time interval and at all other times. For example, ...

oval:org.secpod.oval:def:29761
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.If you enable this setting, Windows Calendar will be turned off.If you disable or do not configure this setting, Windows Calendar ...

oval:org.secpod.oval:def:29762
This policy setting allows you to specify the MMS proxy settings for Windows Media Player.If you enable this policy setting, select one of the following proxy types:- Autodetect: the proxy settings are automatically detected.- Custom: unique proxy settings are used.If the Custom proxy type is select ...

oval:org.secpod.oval:def:29760
This policy setting restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in Windows NT 4.0 and earlier. Along with %HOMEDRIVE%, these variables define the home directory of a user profile. The home directory is a persistent mapping of a drive letter on the l ...

oval:org.secpod.oval:def:29749
Makes pen flicks learning mode unavailable.If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in I ...

oval:org.secpod.oval:def:29754
This policy setting allows you to deny or allow incoming NTLM traffic.This policy is supported on at least Windows 7 or Windows Server 2008 R2.Note: Block events are recorded on this computer in the Operational Log located under the Applications and Services Log\/Microsoft\/Windows\/NTLM.

oval:org.secpod.oval:def:29755
This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes.If you disable this policy setting, I ...

oval:org.secpod.oval:def:29752
This policy setting determines whether the account name of the last user to log on to the client computers in your organization can display in each computers respective Windows logon screen. If you enable this policy setting, intruders cannot collect account names visually from the screens of deskt ...

oval:org.secpod.oval:def:29753
This policy setting allows you to audit incoming NTLM traffic.This policy is supported on at least Windows 7 or Windows Server 2008 R2.Note: Audit events are recorded on this computer in the Operational Log located under the Applications and Services Log\/Microsoft\/Windows\/NTLM.

oval:org.secpod.oval:def:29758
This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is pre ...

oval:org.secpod.oval:def:29759
This setting lets you disable file restore functionality. If you enable this policy setting, the file restore program is disabled. If you disable or do not configure this policy setting, the file restore program is enabled and users can restore files.

oval:org.secpod.oval:def:29756
This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting, wallpaper is not ...

oval:org.secpod.oval:def:29757
This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already speci ...

oval:org.secpod.oval:def:29750
Prevents media sharing from Windows Media Player.This policy prevents any user on this computer from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. When this policy is disabled or not configured, anyone using Windows Media Playe ...

oval:org.secpod.oval:def:29751
This policy setting determines the Domain Name System (DNS) suffix devolution level that DNS clients will use, if the clients perform primary DNS suffix devolution in a name resolution process. When DNS suffix devolution is enabled, the leftmost label of a primary DNS suffix is dropped on each succe ...

oval:org.secpod.oval:def:29738
This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically. The autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected. If ...

oval:org.secpod.oval:def:29739
This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.When this poli ...

oval:org.secpod.oval:def:29743
This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting, the ability to synchronize feeds and Web Slices in the background is turned off.If you disable or do not configure this policy setting, the user can synchronize feeds a ...

oval:org.secpod.oval:def:29744
This policy setting allows you to monitor tickets issued during Kerberos authentication whose size is close to or greater than a configured threshold value. The ticket size warnings are logged in the System log.If you enable this policy setting, you can set the threshold limit above which warnings w ...

oval:org.secpod.oval:def:29741
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only to the use of the Microsoft recognizers for Chinese (Simplified), Chinese (Traditional), Japanese, and Korean. This setting appears in Input Panel Options only when these i ...

oval:org.secpod.oval:def:29742
This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types

oval:org.secpod.oval:def:29747
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29748
This setting lets you prevent users from selecting a local disk (internal or external) for storing backups.If this setting is enabled, the user will be blocked from selecting a local disk as a backup location.If this setting is disabled or not configured, users can select a local disk as a backup lo ...

oval:org.secpod.oval:def:29745
Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins. To explicitly permit a snap-in, open ...

oval:org.secpod.oval:def:29746
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29740
Specifies whether the Windows Update will use the Windows Power Management features to automatically wake up the system from hibernation, if there are updates scheduled for installation.Windows Update will only automatically wake up the system if Windows Update is configured to install updates autom ...

oval:org.secpod.oval:def:22380
Enable: 'Choose how BitLocker-protected removable drives can be recovered' for RDVRecovery

oval:org.secpod.oval:def:22389
Disable: 'Configure Windows SmartScreen'

oval:org.secpod.oval:def:22388
Enable: 'Turn on PIN sign-in'

oval:org.secpod.oval:def:22383
Disable: 'Enumerate local users on domain-joined computers'

oval:org.secpod.oval:def:22368
This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.

oval:org.secpod.oval:def:22378
'Configure use of passwords for fixed data drives' for FDVPassphrase

oval:org.secpod.oval:def:22376
Terminal Services / Remote Desktop Services - Prevent users from connecting using Terminal Services or Remote Desktop

oval:org.secpod.oval:def:22361
'Configure use of passwords for operating system drives' for OSPassphrase

oval:org.secpod.oval:def:22352
Multiple network connections can provide additional attack vectors to a system and must be limited.

oval:org.secpod.oval:def:22350
Enable: 'Allow unencrypted traffic (Client)'

oval:org.secpod.oval:def:29806
Enable this policy to prevent indexing public folders in Microsoft Office Outlook. When this policy is disabled or not configured, the user has the option to index cached public folders in Outlook. Public folders are only indexed when using Outlook 2003 or later. The user must be running in cached m ...

oval:org.secpod.oval:def:29807
This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script.If you enable this policy settin ...

oval:org.secpod.oval:def:29804
Enable this policy setting to prevent the indexing of the content of e-mail attachments. If enabled, indexing service components (including non-Microsoft components) are expected not to index e-mail attachments. Consider enabling this policy if you are concerned about the security or indexing perfor ...

oval:org.secpod.oval:def:29805
If enabled, files on network shares made available offline are not indexed. Otherwise they are indexed. Disabled by default.

oval:org.secpod.oval:def:29808
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a fil ...

oval:org.secpod.oval:def:29809
Determines whether scheduled diagnostics will run to proactively detect and resolve system problems.If you enable this policy setting, you must choose an execution level. If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be ...

oval:org.secpod.oval:def:29810
This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script.If you enable this policy setting, the system dis ...

oval:org.secpod.oval:def:29813
Permits or prohibits use of this snap-in.If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.If this setting is not configured, the setting of the Restrict users to the explicitly permitted list of snap-ins setting determines whether this snap- ...

oval:org.secpod.oval:def:29814
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29811
Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error repor ...

oval:org.secpod.oval:def:29812
Restricts the tool download policy for Microsoft Support Diagnostic Tool.Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. For some problems, MSDT may prompt the user to download additional tools for troubleshooting.These tools are required to c ...

oval:org.secpod.oval:def:29802
This policy setting allows you to enable or disable the Add\/Remove location options on the All Locations menu as well as any defined locations that were made by a user. When this policy is not configured, the default behavior is to allow users to add and remove new locations to the locations menu. ...

oval:org.secpod.oval:def:29803
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can be opened. Disabled by default.

oval:org.secpod.oval:def:29800
When using Microsoft Office Outlook in online mode, you can enable this policy to control how fast online mail is indexed on a Microsoft Exchange server. The lower you set this policy, the lower the burden will be on the corresponding Microsoft Exchange server. The default value for this policy is 1 ...

oval:org.secpod.oval:def:29801
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured, users will be able to add UNC ...

oval:org.secpod.oval:def:22391
This policy setting prevents users from adding new Microsoft accounts on this computer.

oval:org.secpod.oval:def:22397
Enable: 'Disallow WinRM from storing RunAs credentials'

oval:org.secpod.oval:def:22395
Prevent installation of devices using drivers that match these device setup classes (DenyDeviceClasses)

oval:org.secpod.oval:def:29017
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.

oval:org.secpod.oval:def:29018
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting, users cannot list or restore previous versions of files on local disks.If you dis ...

oval:org.secpod.oval:def:29015
Windows Server operating systems support 8.3 file name formats for backward compatibility with16-bit applications. The 8.3 file name convention is a naming format that allows file names up to eight characters long.The registry value entry NtfsDisable8dot3NameCreation was added to the template file i ...

oval:org.secpod.oval:def:29016
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.When the policy setting is enabled:-Windows XP and late ...

oval:org.secpod.oval:def:29019
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.If yo ...

oval:org.secpod.oval:def:29010
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting, Windows Messenger is not loaded automatically when a user logs on.If you disable or do not configure this policy setting, Windows Messenger will be loaded automatically at logon.Not ...

oval:org.secpod.oval:def:29013
Prevent the app settings group from syncing to and from this PC. This turns off and disables the app settings group on the sync your settings page in PC settings.If you enable this policy setting, the app settings group will not be synced.Use the option Allow users to turn app settings syncing on s ...

oval:org.secpod.oval:def:29014
This policy setting controls whether users are shown an error dialog box that lets them report an error.If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is a ...

oval:org.secpod.oval:def:29011
This policy setting turns off toast notifications on the lock screen.If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen.If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can be ...

oval:org.secpod.oval:def:29012
This policy setting allows you to control a users ability to invoke a computer policy refresh.If you enable this policy setting, users are not able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs.If you disable or do ...

oval:org.secpod.oval:def:29006
This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Credential Manager does not return a plaintext PIN. If you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager.Note: Enabling th ...

oval:org.secpod.oval:def:29007
This policy setting determines which subsystems are used to support applications in your environment.Note: When you configure this setting you specify a list of one or more objects. The delimiter used when entering the list is a line feed or carriage return, that is, type the first object on the lis ...

oval:org.secpod.oval:def:29004
This setting lets you prevent users from selecting optical media (CD\/DVD) for storing backups.If this setting is enabled, users will be blocked from selecting optical media as a backup location.If this setting is disabled or not configured, users can select optical media as a backup location.

oval:org.secpod.oval:def:29005
This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting, Windows is prevented from installing, or updating the device driver for, any device that is not described by either the Allow insta ...

oval:org.secpod.oval:def:29008
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.If you enable this setting, the user ...

oval:org.secpod.oval:def:29009
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including Set up a wireless router or access point and Add a wireless dev ...

oval:org.secpod.oval:def:29002
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29003
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29000
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting, the menu command to subscribe to a feed and the menu command to delete a feed are disabled, and access to Web Slices is turned off. A developer cannot add a feed or Web Slic ...

oval:org.secpod.oval:def:29001
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29848
Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it, the File name field includes a drop-down list of recently used files. If you enable this setting, the File name field is a simple text box. Users must browse directories to find ...

oval:org.secpod.oval:def:29849
Shows or hides hibernate from the power options menu. If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machines hardware).If you disable this policy setting, the hibernate option will never be shown in the Power Option ...

oval:org.secpod.oval:def:29853
This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a users computer and the remote server that stores the roaming user profile. When the system detects a slow link, the related policy settings in this folder tell t ...

oval:org.secpod.oval:def:29854
This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting, DCs to which t ...

oval:org.secpod.oval:def:29851
This security setting determines whether domain controllers will refuse requests from member computers to change computer account passwords. By default, member computers change their computer account passwords every 30 days. If enabled, the domain controller will refuse computer account password cha ...

oval:org.secpod.oval:def:29852
Enable this policy to prevent indexing of any Microsoft Outlook items. The default is to automatically index Outlook items. If this policy is enabled then the users Outlook items will not be added to the index and the user will not see them in search results.

oval:org.secpod.oval:def:29857
This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings.If you enable this policy set ...

oval:org.secpod.oval:def:29858
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).If you disable or do not configure ...

oval:org.secpod.oval:def:29855
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file, in which the previous version is stored on a backup.If you enable this policy setting, the Restore button is disabled when the user selects a ...

oval:org.secpod.oval:def:29856
Disables the Hide keyboard navigation indicators until I use the ALT key option in Display in Control Panel.When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.Effects, such as transitory ...

oval:org.secpod.oval:def:29850
This policy setting causes the run list, which is a list of programs that Windows runs automatically when it starts, to be ignored. The customized run lists for Windows Vista are stored in the registry at the following locations:- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run- HKE ...

oval:org.secpod.oval:def:29839
Denies or allows access to the Windows Mail application.If you enable this setting, access to the Windows Mail application is denied.If you disable or do not configure this setting, access to the Windows Mail application is allowed.

oval:org.secpod.oval:def:29837
This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system star ...

oval:org.secpod.oval:def:29838
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers ...

oval:org.secpod.oval:def:29842
Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables sync your settings on metered connections switch on the sync your settings page in PC Settings.If you enable this policy setting, syncing on metered connections will be turned off, and no syncing w ...

oval:org.secpod.oval:def:29843
This policy setting allows words that contain diacritic characters to be treated as separate words. If you enable this policy setting, words that only differ in diacritics are treated as different words. If you disable this policy setting, words with diacritics and words without diacritics are treat ...

oval:org.secpod.oval:def:29840
Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership o ...

oval:org.secpod.oval:def:29841
This policy setting allows you to control whether users see the first sign-in animation when signing in to the PC for the first time.If you enable this policy setting, users will see the animation.If you disable this policy setting, users will not see the animation.If you dont configure this policy ...

oval:org.secpod.oval:def:29846
Specifies whether Events.asp hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hot links that activate the Internet browser when clicked. In addition, More Information is placed at the end of the description text if the even ...

oval:org.secpod.oval:def:29847
Removes all computers outside of the users workgroup or local domain from lists of network resources in File Explorer and Network Locations.If you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the brow ...

oval:org.secpod.oval:def:29844
If enabled, the indexer pauses whenever the computer is running on battery. If disabled, the indexing follows the default behavior. Default is disabled.

oval:org.secpod.oval:def:29845
This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the val ...

oval:org.secpod.oval:def:29828
Prevent syncing to and from this PC. This turns off and disables the sync your settings switch on the sync your settings page in PC Settings.If you enable this policy setting, sync your settings will be turned off, and none of the sync your setting groups will be synced on this PC.Use the option Al ...

oval:org.secpod.oval:def:29829
Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example, contacts or a calendar). This pol ...

oval:org.secpod.oval:def:29826
By default, Add features to Windows 8 is available for all administrators. If you enable this policy setting, the wizard will not run.If you disable this policy setting or set it to Not Configured, the wizard will run.

oval:org.secpod.oval:def:29827
This policy setting prevents users from making network files and folders available offline.If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated f ...

oval:org.secpod.oval:def:29831
This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant mess ...

oval:org.secpod.oval:def:29832
This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the users system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find ...

oval:org.secpod.oval:def:29830
If enabled, clients will be unable to query this computers index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computers index. Default is disabled.

oval:org.secpod.oval:def:29835
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only op ...

oval:org.secpod.oval:def:29836
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting, users cannot list or restore previous versions of files on file shares.If you disable this ...

oval:org.secpod.oval:def:29833
This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under Other Places and also under Files Stored on This Computer in My Computer. Using this policy setting, you ...

oval:org.secpod.oval:def:29834
Prevents users from submitting alternate logon credentials to install a program.This setting suppresses the Install Program As Other User dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when u ...

oval:org.secpod.oval:def:29817
Makes pen flicks and all related features unavailable.If you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon ...

oval:org.secpod.oval:def:29818
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.If you enable this policy setting, Windo ...

oval:org.secpod.oval:def:29815
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29816
Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. By default, the MS-DOS subsystem runs for all users on this computer.You can use this setting to turn off the MS-DOS subsyst ...

oval:org.secpod.oval:def:29819
Microsoft recommends that you use this setting, if appropriate to your environment and your organizations business requirements, to help protect end user computers. This policy setting requires users to log on to a computer with a smart card.Note: This setting applies to Windows 2000 computers, but ...

oval:org.secpod.oval:def:29820
This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). With soft ...

oval:org.secpod.oval:def:29821
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote compute ...

oval:org.secpod.oval:def:29824
This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box on the Media Library tab is available, even though the Privacy tab is hi ...

oval:org.secpod.oval:def:29825
This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire.If you enable this setting, warnings are not displayed to the user befo ...

oval:org.secpod.oval:def:29822
This policy setting lets you prevent users from selecting a network location for storing backups. If you enable this policy setting, users are blocked from selecting a network location as a backup location. If disable or do not configure this policy setting, users can select a network location as a ...

oval:org.secpod.oval:def:29823
This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receiv ...

oval:org.secpod.oval:def:29897
Removes Active Desktop content and prevents users from adding Active Desktop content. This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to th ...

oval:org.secpod.oval:def:29898
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a prefere ...

oval:org.secpod.oval:def:29895
This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. ...

oval:org.secpod.oval:def:29896
This policy setting allows users to enable authentication options that require user input from the pre-boot environment even if the platform indicates lack of pre-boot input capability.The Windows on-screen touch keyboard (such as used by slates) is not available in the pre-boot environment where Bi ...

oval:org.secpod.oval:def:29899
This policy setting allows you to permit or prohibit use of the Regional Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension ...

oval:org.secpod.oval:def:29890
This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited, no Application preference item types appear when you attempt to create a new Application preference item, and you are unable to do so. This policy setting does not a ...

oval:org.secpod.oval:def:29893
This policy setting allows you to manage whether HotStart buttons can be used to launch applications.If you enable this policy setting, applications cannot be launched using the HotStart buttons.If you disable or do not configure this policy setting, applications can be launched using the HotStart b ...

oval:org.secpod.oval:def:29894
This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from actin ...

oval:org.secpod.oval:def:29891
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) cloud.This policy setting forces computers to act as clients in peer-to-peer (P2P) scenarios. For example, a client computer can detect other computers to initiate chat sessio ...

oval:org.secpod.oval:def:29892
This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting, ratings controls are not added to Help content.If you disable or do not configure this policy setting, ratings controls are added to Help topics.Users can use the control to provide fe ...

oval:org.secpod.oval:def:29886
This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage ...

oval:org.secpod.oval:def:29887
This policy setting specifies whether the client computer should use the Distributed Cache mode. This BranchCache mode enables a client computer to retrieve content that has been downloaded and cached by other client computers in the branch office. To access cached content from other client computer ...

oval:org.secpod.oval:def:29884
Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:Local Link to a Local TargetLocal Link to a Remote TargetRemote Link to Remote TargetRemote Link to Local TargetFor furt ...

oval:org.secpod.oval:def:29885
This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the clients current Active Directory site. If you enable this policy setting, cl ...

oval:org.secpod.oval:def:29888
Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.This setting does not prevent users from adding or removing toolbars on the desktop.Note: If users have adjusted their toolbars, this setting prevents them from restoring ...

oval:org.secpod.oval:def:29889
This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited, the Preferences tab does not appear when you view a preference extension in the Group Policy Management Editor window of the GPMC. The Extended and Standard tabs are unaffected, and you can still create ...

oval:org.secpod.oval:def:29882
This policy setting determines whether Windows PowerShell scripts will run before non-PowerShell scripts during computer startup and shutdown. By default, PowerShell scripts run after non-PowerShell scripts. If you enable this policy setting, within each applicable Group Policy object (GPO), PowerS ...

oval:org.secpod.oval:def:29883
Use this outbound rule to block IP protocol number 41.

oval:org.secpod.oval:def:29880
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.If you enable this setting, gadgets that have not been digitally signed will not be extracted.If you disable or do not configure ...

oval:org.secpod.oval:def:29881
Directs the system to wait for the logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.If you enable this setting, Windows Explorer does not start until the logon scripts have finished running. This setting ensures that logon script process ...

oval:org.secpod.oval:def:29875
This policy setting allows you to permit or prohibit use of the Ini Files preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabli ...

oval:org.secpod.oval:def:29876
This policy setting allows you to permit or prohibit use of the Services preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless r ...

oval:org.secpod.oval:def:29873
Prevents users from using the Desktop Cleanup Wizard.If you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.If you disable this setting or do not configure it, the def ...

oval:org.secpod.oval:def:29874
Remote shared folders are not added to Network Locations whenever you open a document in the shared folder.If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations.If you enable this ...

oval:org.secpod.oval:def:29879
This policy restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy does not change the existing system locale; however, the next time that an admin attempts to change the machines system locale they will be res ...

oval:org.secpod.oval:def:29877
Use this outbound rule to block UDP port 3544.

oval:org.secpod.oval:def:29878
This policy setting allows you to restrict users to a single remote Remote Desktop Services session.If you enable this policy setting, users who log on remotely using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the ...

oval:org.secpod.oval:def:29871
This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or click ...

oval:org.secpod.oval:def:29872
Enables Active Desktop and prevents users from disabling it.This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.Note: If both the Enab ...

oval:org.secpod.oval:def:29870
Removes the Add programs from Microsoft section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.If you disable this setting or do not configure it, Add programs from Microsoft is available to all users.This setting does not p ...

oval:org.secpod.oval:def:29859
This policy setting allows you to remove computers in the users workgroup and domain from lists of network resources in File Explorer and Network Locations.If you enable this policy setting, the system removes the Computers Near Me option and the icons representing nearby computers from Network Loca ...

oval:org.secpod.oval:def:29864
This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.If you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the i ...

oval:org.secpod.oval:def:29865
This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting, File Explorer will not display snippets in Content view mode.If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default ...

oval:org.secpod.oval:def:29862
This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting, the Welcome Center is not displayed at user logon. The user can access the Welcome Center using the Control Panel or Start menu.If you disable or do not configure this policy setting, the ...

oval:org.secpod.oval:def:29863
This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of p ...

oval:org.secpod.oval:def:29868
If you enable this policy setting, users are required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism. This means that before entering account and password information to authorize an elevation request, a user first need to press CTRL+ALT+DEL.

oval:org.secpod.oval:def:29869
This setting controls whether local accounts can be used for remote administration via network logon (e.g., NET USE, connecting to C$, etc.). Local accounts are at high risk for credential theft when the same account and password is configured on multiple systems. Enabling this policy significantly ...

oval:org.secpod.oval:def:29866
Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, ...

oval:org.secpod.oval:def:29867
Hides the Preview Pane in File Explorer.If you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user.If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user.

oval:org.secpod.oval:def:29860
Shows or hides sleep from the power options menu. If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machines hardware).If you disable this policy setting, the sleep option will never be shown in the Power Options menu.If yo ...

oval:org.secpod.oval:def:29861
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting, users cannot list or restore previous versions of files on local disks.If you dis ...

oval:org.secpod.oval:def:22491
Uncontrolled installation of applications can introduce various issues including system instability, and provide access to sensitive information. Installation of applications must be controlled by the enterprise. Turning off access to the Windows Store will limit access to publicly available applica ...

oval:org.secpod.oval:def:22496
Disable: 'Require additional authentication at startup' for UseAdvancedStartup

oval:org.secpod.oval:def:22494
This policy setting allows you to set the encryption types that Kerberos is allowed to use.

oval:org.secpod.oval:def:22488
App notifications that are displayed on the lock screen could display sensitive information to unauthorized personnel. Turning off this feature will limit access to the information to a logged on user.

oval:org.secpod.oval:def:22487
'Choose how BitLocker-protected fixed drives can be recovered' for FDVRecovery

oval:org.secpod.oval:def:22481
This policy setting specifies whether computers in your environment will receive security updates from Windows Update or WSUS

oval:org.secpod.oval:def:22473
Enabling trusted app installation allows for enterprise line of business Windows 8 type apps. A trusted app package is one that is signed with a certificate chain that can be successfully validated in the enterprise. Configuring this ensures enterprise line of business apps are accessible.

oval:org.secpod.oval:def:29927
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.If you disable or do not configure thi ...

oval:org.secpod.oval:def:29928
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.If you disable or do not configure this policy setting, Windows Erro ...

oval:org.secpod.oval:def:29925
This policy setting allows you to turn off saving the auto-tuning result to file.If you enable this policy setting, the auto-tuning data is not saved to file. If you disable or do not configure this policy setting, auto-tuning data is saved to file by default.This policy setting applies to Japanese ...

oval:org.secpod.oval:def:29926
This policy setting prevents Windows from keeping track of the apps that are used and searched most frequently. If you enable this policy setting, apps will be sorted alphabetically in: - search results - the Search and Share panes - the drop-down app list in the Picker If you di ...

oval:org.secpod.oval:def:29929
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to t ...

oval:org.secpod.oval:def:29930
This policy setting controls the default color for window frames when the user does not specify a color.If you enable this policy setting and specify a default color, this color will be used in glass window frames, if the user has not specified a color.If you disable or do not configure this policy ...

oval:org.secpod.oval:def:29931
This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do n ...

oval:org.secpod.oval:def:29934
Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page.The Add New Programs button lets users install programs published or assigned by a system administrator.If you disable this setting or do not configure it, the Add New ...

oval:org.secpod.oval:def:29935
Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result ...

oval:org.secpod.oval:def:29932
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only ...

oval:org.secpod.oval:def:29933
This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started. ...

oval:org.secpod.oval:def:29916
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.

oval:org.secpod.oval:def:29917
Specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP\/I ...

oval:org.secpod.oval:def:29914
This policy setting allows you to manage the deployment operations of app packages when the user is logged in under special profiles.Deployment operation refers to adding, registering, staging, updating or removing an app package.Special profiles refer to profiles with the following types: mandatory ...

oval:org.secpod.oval:def:29915
This policy setting allows you to minimize the risk involved when an app launches the default program for a protocol. Because desktop programs run at a higher integrity level than apps, there is a risk that a protocol launched by an app could compromise the system by launching a desktop program. ...

oval:org.secpod.oval:def:29918
This policy setting controls the default color for window frames when the user does not specify a color. If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. If you disable or do not configure this policy sett ...

oval:org.secpod.oval:def:29919
This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. If you disable or do not configure this policy setting, you allow users to change the default window frame color. Note: Th ...

oval:org.secpod.oval:def:29920
This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions. If you enable this policy setting, Flip 3D is inaccessible. If you disable or do not configure thi ...

oval:org.secpod.oval:def:29923
This policy setting allows you to turn off Internet search integration.If you enable this policy setting, you cannot add a new search integration configuration file. A search integration configuration file that was installed before enabling this policy setting is not used.If you disable or do not c ...

oval:org.secpod.oval:def:29924
This policy setting allows you to turn off Open Extended Dictionary.If you enable this policy setting, Open Extended Dictionary is turned off. You cannot add a new Open Extended Dictionary.For Japanese Microsoft IME, an Open Extended Dictionary that is added before enabling this policy setting is no ...

oval:org.secpod.oval:def:29921
This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyph for the word exists.If you enable this policy setting, Non-Publishing Standard Glyph is not included in the candidate list when Publishing Standard Glyph for the word exis ...

oval:org.secpod.oval:def:29922
This policy setting allows you to turn off the ability to use a custom dictionary.If you enable this policy setting, you cannot add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting is not us ...

oval:org.secpod.oval:def:29905
This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders.The Web Publishing Wizard is used to download a list of providers and allow users to pub ...

oval:org.secpod.oval:def:29906
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This informatio ...

oval:org.secpod.oval:def:29903
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association. When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select ...

oval:org.secpod.oval:def:29904
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays provi ...

oval:org.secpod.oval:def:29909
Specifies that NetBIOS over TCP\/IP (NetBT) queries are issued for fully qualified domain names. If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names such as www.example.com in addition to single-label names. If you disable this policy set ...

oval:org.secpod.oval:def:29907
Device compatibility settings.

oval:org.secpod.oval:def:29908
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet.Note: This setting only has effect if Turn off Windows Update device driver searching in Administrative Templates\/System\/Internet Communication Management\/Internet Co ...

oval:org.secpod.oval:def:29912
Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page.The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.If you disable this setting or do not configur ...

oval:org.secpod.oval:def:29913
Prevents users from using Add or Remove Programs to configure installed services.This setting removes the Set up services section of the Add\/Remove Windows Components page. The Set up services section lists system services that have not been configured and offers users easy access to the configurat ...

oval:org.secpod.oval:def:29910
Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.If this policy setting is enabled, IDNs are not converted to Punycode.If this policy setting is disabled, or if this policy se ...

oval:org.secpod.oval:def:29911
Specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.If this policy setting is enabled, IDNs are converted to the Nameprep form.If this policy setting is disabled, or if this policy setting is not ...

oval:org.secpod.oval:def:29901
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and non-work days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and ...

oval:org.secpod.oval:def:29902
This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a lo ...

oval:org.secpod.oval:def:29900
This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.If ...

oval:org.secpod.oval:def:22416
'Deny write access to removable drives not protected by BitLocker' for RDVDenyWriteAccess

oval:org.secpod.oval:def:29050
This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting, users are prevented from using Windows Installer to install patches. Patches are updates or upgrades that replace only those program files that have changed. Because patches can be e ...

oval:org.secpod.oval:def:29059
Enter ?0? to disable Logon Script Delay. This policy setting allows you to configure how long the Group Policy client waits after logon before running scripts. By default, the Group Policy client waits five minutes before running logon scripts. This helps create a respo ...

oval:org.secpod.oval:def:29053
This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting, thumbnail views are not cached.If you disable or do not configure this policy setting, thumbnail views are cached.Note: For shared corporate workstations or computers where security is a top c ...

oval:org.secpod.oval:def:29054
This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:)If this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be s ...

oval:org.secpod.oval:def:29051
Prevent the Other Windows settings group from syncing to and from this PC. This turns off and disables the Other Windows settings group on the sync your settings page in PC settings.If you enable this policy setting, the Other Windows settings group will not be synced.Use the option Allow users to ...

oval:org.secpod.oval:def:29052
This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs ...

oval:org.secpod.oval:def:29057
When running in restricted mode, participating apps do not expose credentials to remote computers (regardless of the delegation method). Restricted mode may limit access to resources located on other servers or networks beyond the target computer because credentials are not delegated.Participating a ...

oval:org.secpod.oval:def:29058
This policy setting allows you to configure Group Policy caching behavior. If you enable or do not configure this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. ...

oval:org.secpod.oval:def:29055
Removes the Security tab from File Explorer.If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security se ...

oval:org.secpod.oval:def:29056
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.If yo ...

oval:org.secpod.oval:def:29048
This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled, the SYSVOL share will honor file sharing semantics that grant reque ...

oval:org.secpod.oval:def:29049
Antivirus programs are mandatory in many environments and provide a strong defense against attack.The Notify antivirus programs when opening attachments setting allows you to manage how registered antivirus programs are notified. When enabled, this policy setting configures Windows to call the regis ...

oval:org.secpod.oval:def:29042
This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection for the purposes of applying and updating Group Policy. When Group Policy detects the bandwidth speed of a Direct Access connection, the detection can sometimes fail to prov ...

oval:org.secpod.oval:def:29043
This entry appears as MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) in the SCE. By default, when Windows networking is active on a server, Windows will create hidden administrative shares.

oval:org.secpod.oval:def:29040
Removes the shortcut bar from the Open dialog box.This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dial ...

oval:org.secpod.oval:def:29041
This policy setting configures File Explorer to always display the menu bar.Note: By default, the menu bar is not displayed in File Explorer.If you enable this policy setting, the menu bar will be displayed in File Explorer.If you disable or do not configure this policy setting, the menu bar will no ...

oval:org.secpod.oval:def:29046
This policy setting allows you to turn off Found New Hardware balloons during device installation.If you enable this policy setting, Found New Hardware balloons do not appear while a device is being installed.If you disable or do not configure this policy setting, Found New Hardware balloons appear ...

oval:org.secpod.oval:def:29047
This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting, all users are permitted to install programs from removable media, such as floppy disks and CD-ROMs, even when the installation program is running with elevated ...

oval:org.secpod.oval:def:29044
This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not av ...

oval:org.secpod.oval:def:29045
This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab.You must use the complete file name for the skin (for example, ...

oval:org.secpod.oval:def:29039
Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided ...

oval:org.secpod.oval:def:29037
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file, in which the previous version is stored on a backup.If you enable this policy setting, the Restore button is disabled when the user selects a ...

oval:org.secpod.oval:def:29038
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a fil ...

oval:org.secpod.oval:def:29031
Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer. By using this setting, you can disable these Windows+X shortcut keys ...

oval:org.secpod.oval:def:29032
Prompts users for alternate logon credentials during network-based installations.This setting displays the Install Program As Other User dialog box even when a program is being installed from files on a network computer across a local area network connection.If you disable this setting or do not con ...

oval:org.secpod.oval:def:29030
Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other meth ...

oval:org.secpod.oval:def:29035
This policy setting allows you to add Internet or intranet sites to the Search again links located at the bottom of search results in File Explorer and the Start menu links. The Search again links at the bottom of the Search Results view allow the user to reconduct a search but in a different locati ...

oval:org.secpod.oval:def:29036
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting, users cannot see any previous versions corr ...

oval:org.secpod.oval:def:29033
Shows or hides lock from the user tile menu. If you enable this policy setting, the lock option will be shown in the User Tile menu.If you disable this policy setting, the lock option will never be shown in the User Tile menu.If you do not configure this policy setting, users will be able to choose ...

oval:org.secpod.oval:def:29034
This policy setting allows up to five Libraries or Search Connectors to be pinned to the Search again links and the Start menu links. The Search again links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connecto ...

oval:org.secpod.oval:def:29028
This policy setting allows you to remove the Search button from the File Explorer toolbar.If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Netw ...

oval:org.secpod.oval:def:29029
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).If you disable or do not configure ...

oval:org.secpod.oval:def:29026
When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore b ...

oval:org.secpod.oval:def:29027
If you enable this policy, the Internet Search again link will not be shown when the user performs a search in the Explorer window.If you disable this policy, there will be an Internet Search again link when the user performs a search in the Explorer window. This button launches a search in the def ...

oval:org.secpod.oval:def:29020
This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed.If you disabl ...

oval:org.secpod.oval:def:29021
This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.If you enable this policy setting, the Use transition effects for menus and tooltips option in Display in Control Panel is disabled, and c ...

oval:org.secpod.oval:def:29024
Removes the Hardware tab.This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users c ...

oval:org.secpod.oval:def:29025
Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appe ...

oval:org.secpod.oval:def:29022
This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to vi ...

oval:org.secpod.oval:def:29023
Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.

oval:org.secpod.oval:def:29090
This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this setting, Group Policy will ...

oval:org.secpod.oval:def:29093
This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a pa ...

oval:org.secpod.oval:def:29094
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.If you enable this setting, items will be removed from the Quarantine folder after the number of days specified.If you disable or do not configure this setting, items will be kept in the ...

oval:org.secpod.oval:def:29091
This policy setting configures a local override for the configuration of network protection against exploits of known vulnerabilities. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not c ...

oval:org.secpod.oval:def:29092
This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this setting, Group Pol ...

oval:org.secpod.oval:def:29095
This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned.If you disable or do not configure this setting, a default size will be ap ...

oval:org.secpod.oval:def:29096
This policy setting allows you to configure monitoring for file and program activity.If you enable or do not configure this setting, monitoring for file and program activity will be enabled.If you disable this setting, monitoring for file and program activity will be disabled.

oval:org.secpod.oval:def:22463
Disable: 'Configure use of hardware-based encryption for operating system drives' for OSHardwareEncryption

oval:org.secpod.oval:def:29099
This policy setting allows you to configure scanning for all downloaded files and attachments.If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled.If you disable this setting, scanning for all downloaded files and attachments will be disab ...

oval:org.secpod.oval:def:29083
This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vul ...

oval:org.secpod.oval:def:29081
This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent mu ...

oval:org.secpod.oval:def:29086
This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure t ...

oval:org.secpod.oval:def:22455
Disable: 'Allow enhanced PINs for startup'

oval:org.secpod.oval:def:29087
This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure th ...

oval:org.secpod.oval:def:29084
This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.If you enable or do not configure this setting, protocol recognition will be enabled.If you disable this setting, protocol recognition will be disabled.

oval:org.secpod.oval:def:29085
This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not conf ...

oval:org.secpod.oval:def:29088
This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.I ...

oval:org.secpod.oval:def:29089
This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not ...

oval:org.secpod.oval:def:29071
This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this setting, Group Policy will ...

oval:org.secpod.oval:def:22437
Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.

oval:org.secpod.oval:def:29072
This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.If you enable this setting, the proxy server will be bypassed for the specified addresses.If you disable or ...

oval:org.secpod.oval:def:29070
This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions.If you enable or do not configure this setting, unique items defined in Group Policy and in prefer ...

oval:org.secpod.oval:def:22434
Uncontrolled system updates can introduce issues to a system. Obtaining update components from an outside source may also potentially provide sensitive information outside of the enterprise. Optional component installation or repair must be obtained from an internal source.

oval:org.secpod.oval:def:29075
This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a max ...

oval:org.secpod.oval:def:29076
This policy setting allows you to configure whether or not to display notifications to clients when they need to perform the following actions:Run a full scanDownload the latest virus and spyware definitions Download Standalone System SweeperIf you enable or do not configure this setting, notificati ...

oval:org.secpod.oval:def:22443
This policy setting controls the level of validation a computer with shared folders or printers performs on the service principal name provided by the client computer when it establishes a session using the server message block (SMB) protocol

oval:org.secpod.oval:def:29073
This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for definition updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the following settings will be used (in order):1. Internet Explore ...

oval:org.secpod.oval:def:29074
This policy setting limits the rate at which detection events for network protection against exploits of known vulnerabilities will be logged. Logging will be limited to not more often than one event per the defined interval. The interval value is defined in minutes. The default interval is 60 minut ...

oval:org.secpod.oval:def:29078
This policy, if defined, will prevent network protection against exploits of known vulnerabilities from inspecting the specified IP addresses. IP addresses should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representa ...

oval:org.secpod.oval:def:29060
This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.Note: For a domain controller to request compound authentication, the policies KDC support for claims, compound authentication, and Kerberos armoring and R ...

oval:org.secpod.oval:def:29061
This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.If you enable this policy setting, the PCs network connectivity state cannot be changed without signing into Windows.If you disable or dont configure this policy setting, any user can ...

oval:org.secpod.oval:def:29064
This policy setting lets you prevent apps and features from working with files on OneDrive.If you enable this policy setting:* Users can?t access OneDrive from the OneDrive app and file picker.* Windows Store apps can?t access OneDrive using the WinRT API.* OneDrive doesn?t appear in the navigation ...

oval:org.secpod.oval:def:29065
This policy setting lets you select the local PC as the default save location. It does not prevent apps and users from saving files on OneDrive. If you enable this policy setting, files will be saved locally by default. Users will still be able to change the value of this setting to save to OneDrive ...

oval:org.secpod.oval:def:29062
This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps.If you enable this policy setting, the advertising ID is turned off. Apps cant use the ID for experiences across apps.If you disable or do not configure this policy setting, users can cont ...

oval:org.secpod.oval:def:29063
Allows or denies development of Windows Store applications without installing a developer license. If you enable this setting and enable the Allow all trusted apps to install Group Policy, you can develop Windows Store apps without installing a developer license. If you disable ...

oval:org.secpod.oval:def:29068
This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled.If you enable this setting, the antimalware service will always remain running even if both ...

oval:org.secpod.oval:def:29069
This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.If you enable or do not configure this setting, the antimalware service will load as a normal priority task.If you disable this s ...

oval:org.secpod.oval:def:29066
Prevent the AppSync group from syncing to and from this PC. This turns off and disables the AppSync group on the sync your settings page in PC settings.If you enable this policy setting, the AppSync group will not be synced.Use the option Allow users to turn app syncing on so that syncing it turned ...

oval:org.secpod.oval:def:29067
Prevent the Start layout group from syncing to and from this PC. This turns off and disables the Start layout group on the sync your settings page in PC settings. If you enable this policy setting, the Start layout group will not be synced. Use the option Allow users to turn start sync ...

oval:org.secpod.oval:def:28697
This policy setting denies write access to removable disks.If you enable this policy setting, write access will be denied to this removable storage class.If you disable or do not configure this policy setting, write access will be allowed to this removable storage class.NOTE: To require that users w ...

oval:org.secpod.oval:def:28696
This policy setting denies execute access to removable disks.If you enable this policy setting, execute access will be denied to this removable storage class.If you disable or do not configure this policy setting, execute access will be allowed to this removable storage class.

oval:org.secpod.oval:def:28699
This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the ...

oval:org.secpod.oval:def:28698
Prevents users from searching for installation files when they add features or components to an installed program.This setting disables the Browse button beside the Use feature from list in the Windows Installer dialog box. As a result, users must select an installation file source from the Use feat ...

oval:org.secpod.oval:def:28691
This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enablin ...

oval:org.secpod.oval:def:28690
This policy setting allows you to permit or prohibit use of the Printers preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless r ...

oval:org.secpod.oval:def:28693
This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabli ...

oval:org.secpod.oval:def:28692
This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension u ...

oval:org.secpod.oval:def:28695
Determines if a computer performing dynamic registration may register A and PTR resource records with a concatenation of its Computer Name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its Computer Name and the Primary DNS suffix.Warning: Enab ...

oval:org.secpod.oval:def:28694
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference ...

oval:org.secpod.oval:def:29138
This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedul ...

oval:org.secpod.oval:def:29139
This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule ...

oval:org.secpod.oval:def:29136
This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value represents file size in kilobytes (KB). The default value is 0 and represents no limit to archive size for scanning.If you enable this setting, archive files less than o ...

oval:org.secpod.oval:def:29137
This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are:1 = Quick Scan (default)2 = Full ScanIf you enable this setting, the scan type will be set to the specified value.If you disable or do not configure this setting, the default scan type will ...

oval:org.secpod.oval:def:29130
Disables help tips that Windows shows to the user.By default, Windows will show the user help tips until the user has successfully completed the scenarios.If this setting is enabled, Windows will not show any help tips to the user.

oval:org.secpod.oval:def:29131
This policy setting allows you to prevent the last app and the list of recent apps from appearing when the mouse is pointing to the upper-left corner of the screen.If you enable this policy setting, the user will no longer be able to switch to recent apps using the mouse. The user will still be abl ...

oval:org.secpod.oval:def:29134
This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.If you enable this setting, archive files will be scanned to the directory depth level specified.If you dis ...

oval:org.secpod.oval:def:29135
This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 5 to 100. A value of 0 indicates that there should be no throttling of CPU utilization. The default value is 50.If yo ...

oval:org.secpod.oval:def:29132
This policy setting allows you to prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key + X.If you enable this policy setting, the Command Prompt will always be listed in that menu, and u ...

oval:org.secpod.oval:def:29133
This policy setting allows you to prevent Search, Share, Start, Devices, and Settings from appearing when the mouse is pointing to the upper-right corner of the screen.If you enable this policy setting, Search, Share, Start, Devices, and Settings will no longer appear when the mouse is pointing to t ...

oval:org.secpod.oval:def:29127
This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.This setting can be configured with the following ordinal number values:(0x0) Every Day(0x1) Sunday (0x2) Monday(0x3) Tuesday(0x ...

oval:org.secpod.oval:def:29128
This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting ...

oval:org.secpod.oval:def:29125
This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning remain enabled.If you enable or do not configure this setting, packed executables will be scanned.If you disable this setting, packed executables will not be scanned.

oval:org.secpod.oval:def:29126
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.If you enable this setting, removable drives will be scanned during any type of scan.If you disable or ...

oval:org.secpod.oval:def:29129
This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system.If you enable or do not configure this policy setting, the device securely saves the users credentials (including the user name, domain and encrypted password) ...

oval:org.secpod.oval:def:29120
This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). Tracing levels are defined as:1 - Error2 - Warning3 - Info4 - DebugIf you enable this setting, you can configure the WPP Software Tracing level.If you disable this setting, you cannot c ...

oval:org.secpod.oval:def:29123
This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.If you enable or do not configure this setting, archive files will be scanned.If you disable this setting, archive files will not be scanned.

oval:org.secpod.oval:def:29124
This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting.If you enable this setting, network files will be scanned.If you disable or do not configure this setting, network files will not be scanned.

oval:org.secpod.oval:def:29121
This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. If you enable this setting, a system restore point will be created.If you disable or do not configure this setting, a system restore point will not be created.

oval:org.secpod.oval:def:29122
This policy setting allows you to configure scanning mapped network drives.If you enable this setting, mapped network drives will be scanned.If you disable or do not configure this setting, mapped network drives will not be scanned.

oval:org.secpod.oval:def:29116
This policy setting configures the time in minutes before a detection in the completed state moves to the cleared state.

oval:org.secpod.oval:def:29117
This policy setting configures the time in minutes before a detection in the additional action state moves to the cleared state.

oval:org.secpod.oval:def:29114
This policy setting configures the time in minutes before a detection in the ?critically failed? state to moves to either the ?additional action? state or the ?cleared? state.

oval:org.secpod.oval:def:29115
This policy setting configures the time in minutes before a detection in the non-critically failed state moves to the cleared state.

oval:org.secpod.oval:def:29118
This policy setting allows you to configure whether or not Watson events are sent.If you enable or do not configure this setting, Watson events will be sent.If you disable this setting, Watson events will not be sent.

oval:org.secpod.oval:def:29119
This policy configures Windows software trace preprocessor (WPP Software Tracing) components.If you enable this setting, you can configure the Windows software trace preprocessor components.If you disable this setting, you cannot configure the Windows software trace preprocessor components.

oval:org.secpod.oval:def:29112
This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this setting, Group Policy will ...

oval:org.secpod.oval:def:29113
This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this s ...

oval:org.secpod.oval:def:29110
This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this setting, Group Policy will t ...

oval:org.secpod.oval:def:29111
This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this setting, Group Policy ...

oval:org.secpod.oval:def:29105
This policy setting allows you to configure network protection against exploits of known vulnerabilities.If you enable or do not configure this setting, the network protection will be enabled.If you disable this setting, the network protection will be disabled.

oval:org.secpod.oval:def:29106
This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off.If you enable or do not configure this setting, a process scan will be initiated when real-time protection is tu ...

oval:org.secpod.oval:def:29103
This policy setting allows you to configure behavior monitoring.If you enable or do not configure this setting, behavior monitoring will be enabled.If you disable this setting, behavior monitoring will be disabled.

oval:org.secpod.oval:def:29104
This policy setting allows you to configure Information Protection Control (IPC).If you enable this setting, IPC will be enabled.If you disable or do not configure this setting, IPC will be disabled.

oval:org.secpod.oval:def:29109
This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure th ...

oval:org.secpod.oval:def:29107
This policy setting controls whether raw volume write notifications are sent to behavior monitoring.If you enable or do not configure this setting, raw write notifications will be enabled.If you disable this setting, raw write notifications be disabled.

oval:org.secpod.oval:def:29108
This policy setting allows you to manage whether or not end users can pause a scan in progress.If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan.If you disable this setting, users will not be able to pause scans.

oval:org.secpod.oval:def:29101
This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time ...

oval:org.secpod.oval:def:29100
This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all.This setting can be configured with the following ordinal number values:(0x0) Every Day(0x ...

oval:org.secpod.oval:def:29969
This policy setting allows you to configure Group Policy caching behavior on Windows Server machines.If you enable this policy setting, Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Grou ...

oval:org.secpod.oval:def:29974
This policy setting allows you to control whether or not Search can perform queries on the web over metered connections, and if the web results are displayed in Search.If you enable this policy setting, queries wont be performed on the web over metered connections and web results wont be displayed w ...

oval:org.secpod.oval:def:29975
This policy setting allows you to control the SafeSearch setting used when performing a query in Search. If you enable this policy setting, you can specify one of three SafeSearch settings, which users wont be able to change: -Strict: Filter out adult text, images, and videos from search results; ...

oval:org.secpod.oval:def:29972
This policy setting configures whether or not locations on removable drives can be added to libraries. If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed.If you disable or do not configure ...

oval:org.secpod.oval:def:29973
This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.If you enable this policy setting, queries wont be performed on the web and web results wont be displayed when a user performs a query in Search.If you disab ...

oval:org.secpod.oval:def:29979
This policy setting determines what information is logged in security audit events when a new process has been created.This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain ...

oval:org.secpod.oval:def:29976
Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.By default, users can enable invocation of an available camera on the lock screen.If you enable this setting, users will no longer be able to enable or disable lock screen camera ...

oval:org.secpod.oval:def:29977
Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.By default, users can enable a slide show that will run after they lock the machine.If you enable this setting, users will no longer be able to modify slide show settings in PC Setti ...

oval:org.secpod.oval:def:29970
This policy setting allows you to configure a domain controller to request compound authentication.Note: For a domain controller to request compound authentication, the policy KDC support for claims, compound authentication, and Kerberos armoring must be configured and enabled. If you enable this po ...

oval:org.secpod.oval:def:29971
This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified def ...

oval:org.secpod.oval:def:29958
The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting enable will stop the collection of usage data.If the c ...

oval:org.secpod.oval:def:29959
This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown. By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely.If you enable this ...

oval:org.secpod.oval:def:29963
This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced DEP. DEP is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows. If you enable this policy setting, DEP for HTML Help Executable will be t ...

oval:org.secpod.oval:def:29964
Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting, game information including box art and ratings will not be downloaded. If you disable or do not configure this setting, game information will be downloaded from Windows Metadata Services.

oval:org.secpod.oval:def:29961
Turns off the power save mode on the hybrid hard disks in the system.If you enable this policy, the disks will not be put into NV cache power save mode and no power savings would be achieved.If you disable this policy setting, then the hard disks are put into a NV cache power saving mode. In this mo ...

oval:org.secpod.oval:def:29962
Disables the Connect to a Network Projector wizard so that users cannot connect to a network projector.If you enable this policy, users cannot use the Connect to a Network Projector wizard to connect to a projector.If you disable this policy or do not configure it, users can run the Connect to a Net ...

oval:org.secpod.oval:def:29967
This policy setting allows you to control what information is shared with Bing in Search.If you enable this policy setting, you can specify one of four settings, which users wont be able to change: -User info and location: Share a users search history, some Microsoft account info, and specific lo ...

oval:org.secpod.oval:def:29968
Specifies the Start screen layout for users.This setting lets you specify the Start screen layout for users and prevents them from changing its configuration. The Start screen layout you specify must be stored in an XML file that was generated by the Export-StartLayout PowerShell cmdlet.To use this ...

oval:org.secpod.oval:def:29965
Turns off Tablet PC hardware buttons.If you enable this policy, no actions will occur when the buttons are pressed, and the buttons tab in Tablet PC Control Panel will be removed.If you disable this policy, user and OEM defined button actions will occur when the buttons are pressed.If you do not con ...

oval:org.secpod.oval:def:29966
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and ...

oval:org.secpod.oval:def:29960
Prevents Group Policy from being updated while the computer is in use. This setting applies to Group Policy for computers, users, and domain controllers.If you enable this setting, the system waits until the current user logs off the system before updating the computer and user settings.If you disab ...

oval:org.secpod.oval:def:29949
This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting, read access will be denied to this removable storage class.If you disable or do not configure this policy setting, read access will be allowed to this removable storage class.

oval:org.secpod.oval:def:29947
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.If you enable this policy setting, Windows Error Reporting does not send any problem inf ...

oval:org.secpod.oval:def:29948
Switches the gesture set used for editing from the common handheld computer gestures to the Simplified Chinese (PRC) standard gestures.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If ...

oval:org.secpod.oval:def:29952
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting, users can access and run the t ...

oval:org.secpod.oval:def:29953
This policy setting allows you to manage whether Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine ...

oval:org.secpod.oval:def:29950
This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting, write access will be denied to this removable storage class.If you disable or do not configure this policy setting, write access will be allowed to this removable storage class.

oval:org.secpod.oval:def:29951
Set the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies.If you enable this setting, set the amount of seconds you want the system to wait until a reboot.If you disable or do not configure this setting, the syste ...

oval:org.secpod.oval:def:29956
Specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.If you enable this policy, such links are not rendered. The text is displayed but t ...

oval:org.secpod.oval:def:29957
Manages how Windows controls the setting that specifies how long a computer must be inactive before Windows turns off the computer?s display. When this policy is enabled, Windows automatically adjusts the setting based on what users do with their keyboard or mouse to keep the display on. When this ...

oval:org.secpod.oval:def:29954
This setting allows you to remove access to Windows Update.If you enable this setting, all Windows Update features are removed. This includes blocking access to the Windows Update Web site at http:\/\/windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the T ...

oval:org.secpod.oval:def:29955
Removes access to the performance center control panel page. If you enable this setting, some settings within the performance control panel page will not be displayed. The administrative tools will not be affected. If you disable or do not configure this setting, the performance center control panel ...

oval:org.secpod.oval:def:29938
This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference exte ...

oval:org.secpod.oval:def:29939
This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless ...

oval:org.secpod.oval:def:29936
This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows, and it hides Computer in the Explorer folder tree pane. If the user navigates into Computer via the Up button while this setting is enabled, they view an ...

oval:org.secpod.oval:def:29937
Removes the Properties option from the Recycle Bin context menu.If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.If you disable or d ...

oval:org.secpod.oval:def:29941
Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled, Windows Security does not appear in Settings on ...

oval:org.secpod.oval:def:29942
This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.If y ...

oval:org.secpod.oval:def:29940
This policy setting denies read access to removable disks.If you enable this policy setting, read access will be denied to this removable storage class.If you disable or do not configure this policy setting, read access will be allowed to this removable storage class.

oval:org.secpod.oval:def:29945
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. If you enable this policy setting, window animations are turned off. If you disable or do not configure this policy setting, window animations are turned on. Chang ...

oval:org.secpod.oval:def:29946
This policy setting determines the behavior of the Windows Error Reporting report queue.If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a probl ...

oval:org.secpod.oval:def:29943
Lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.If you enable this setting, the system does not coordinate the run ...

oval:org.secpod.oval:def:29944
This policy setting allows you to prevent AutoPlay from remembering users choice of what to do when a device is connected. If you enable this policy setting, AutoPlay prompts the user to choose what to do when a device is connected. If you disable or do not configure this policy se ...

oval:org.secpod.oval:def:28686
This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension ...

oval:org.secpod.oval:def:28685
This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enab ...

oval:org.secpod.oval:def:28688
This policy setting allows you to permit or prohibit use of the Network Shares preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. E ...

oval:org.secpod.oval:def:28687
This policy setting allows you to permit or prohibit use of the Network Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension u ...

oval:org.secpod.oval:def:28689
This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unl ...

oval:org.secpod.oval:def:28680
Prevents users from saving certain changes to the desktop.If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always sa ...

oval:org.secpod.oval:def:28682
This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Ena ...

oval:org.secpod.oval:def:28681
Prevents users from manipulating desktop toolbars.If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.Note: If users have added or removed toolbars, this setting prevents them from restoring the default co ...

oval:org.secpod.oval:def:28684
This policy setting allows you to permit or prohibit use of the Devices preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless re ...

oval:org.secpod.oval:def:28683
This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unle ...

oval:org.secpod.oval:def:28675
Removes most occurrences of the My Documents icon.This setting removes the My Documents icon from the desktop, from Windows Explorer, from programs that use the Windows Explorer windows, and from the standard Open dialog box.This setting does not prevent the user from using other methods to gain acc ...

oval:org.secpod.oval:def:28674
Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods.

oval:org.secpod.oval:def:28677
This setting hides Properties on the context menu for Computer.If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected.If you disable or ...

oval:org.secpod.oval:def:28676
Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Netw ...

oval:org.secpod.oval:def:28679
Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop, from Windows Explorer, from programs that use the Windows Explorer windows, and from the standard Open dialog box.This setting does not prevent the user from using other methods to gain acces ...

oval:org.secpod.oval:def:28678
This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon.If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following:Right-clicks the My Documents icon.Clicks the My Documents icon, and then ...

oval:org.secpod.oval:def:28671
Prevents users from changing the properties of Web content items on their Active Desktop.This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change th ...

oval:org.secpod.oval:def:28670
Prevents users from deleting Web content from their Active Desktop.This setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop.This setting does not prevent users from adding Web ...

oval:org.secpod.oval:def:28673
Prevents users from changing the path to their profile folders.By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folders Properties dialog box.If you enable this setting, users are unable to type ...

oval:org.secpod.oval:def:28672
Permits only bitmap images for wallpaper. This setting limits the desktop background (wallpaper) to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconv ...

oval:org.secpod.oval:def:28664
This policy setting provides users with the ability to download their roaming profile, even when a slow network connection with their roaming profile server is detected.If you enable this policy setting, users will be allowed to define whether they want their roaming profile to be downloaded when a ...

oval:org.secpod.oval:def:28663
This setting controls the ability for users or administrators to remove Windows Installer based updates. This setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by u ...

oval:org.secpod.oval:def:28666
This policy setting prevents users from locking the system.While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+A ...

oval:org.secpod.oval:def:28665
This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting, the domain controller provides the information message about previous logons.For Windows Logon to leverage this feature, the Display informatio ...

oval:org.secpod.oval:def:28668
Disables Active Desktop and prevents users from enabling it.This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.Note: If both the Enab ...

oval:org.secpod.oval:def:28667
Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting, the Active Directory folder does not appear in the Network Locations folder.If you disable this setting or do not configure it, the Acti ...

oval:org.secpod.oval:def:28669
Prevents users from adding Web content to their Active Desktop.This setting removes the New button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from the ...

oval:org.secpod.oval:def:29992
When WDigest authentication is enabled, Lsass.exe retains a copy of the users plaintext password in memory, where it can be at risk of theft. Microsoft recommends disabling WDigest authentication unless it is needed.If this setting is not configured, WDigest authentication is disabled in Windows 8.1 ...

oval:org.secpod.oval:def:28660
Prevents users from using Add or Remove Programs.This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus.Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional an ...

oval:org.secpod.oval:def:29993
This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the dr ...

oval:org.secpod.oval:def:29990
You can configure this setting to enable the auditing of Lsass.exe so that you can evaluate feasibility of enabling LSA protection. You can use the audit mode to identify LSA plug-ins and drivers that will fail to load in LSA Protection mode. While in the audit mode, the system will generate event ...

oval:org.secpod.oval:def:28662
This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting, users will not be able to install new color profiles or uninstall previously installed color profiles.If you disable or do not configure this policy setting, all users will be a ...

oval:org.secpod.oval:def:29991
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line mpcmdrun -SigUpdate, but it has no effect on scans initiated manually from the user interface.If you en ...

oval:org.secpod.oval:def:28661
Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page.The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail ...

oval:org.secpod.oval:def:29986
Enables or disables the Store offer to update to the latest version of Windows.If you enable this setting, the Store application will not offer updates to the latest version of Windows.If you disable or do not configure this setting the Store application will offer updates to the latest version of W ...

oval:org.secpod.oval:def:29983
This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions.If you enable or do not conf ...

oval:org.secpod.oval:def:29984
Enables or disables the automatic download and installation of app updates.If you enable this setting, the automatic download and installation of app updates is turned off.If you disable this setting, the automatic download and installation of app updates is turned on.If you dont configure this sett ...

oval:org.secpod.oval:def:29989
Use this setting to configure additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.On x86-based or x64-based devices that use Secure Boot and UEFI, a UEFI variable is set in the UEFI firmware when LSA protection is enabled b ...

oval:org.secpod.oval:def:29987
Uncontrolled installation of applications can introduce various issues including system instability, and provide access to sensitive information. Installation of applications must be controlled by the enterprise. Turning off access to the Windows Store will limit access to publicly available applica ...

oval:org.secpod.oval:def:28659
Prevents users from viewing or installing published programs.This setting removes the Add programs from your network section from the Add New Programs page. The Add programs from your network section lists published programs and provides an easy way to install them.Published programs are those progr ...

oval:org.secpod.oval:def:29988
Denies or allows access to the Store application.If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.If you disable or dont configure this setting, access to the Store application is allowed.

oval:org.secpod.oval:def:28658
Removes the Add a program from CD-ROM or floppy disk section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.If you disable this setting or do not configure it, the Add a program from CD-ROM or floppy disk option is avail ...

oval:org.secpod.oval:def:29981
This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer.If you enable this policy setting, you can define additio ...

oval:org.secpod.oval:def:29982
Disables help tips that Windows shows to the user.By default, Windows will show the user help tips until the user has successfully completed the scenarios.If this setting is enabled, Windows will not show any help tips to the user.If this setting is disabled or not configured, Windows will show help ...

oval:org.secpod.oval:def:29980
This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it.If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign ...

oval:org.secpod.oval:def:22589
Enable: 'Extend Point and Print connection to search Windows Update and use alternate cooection if needed'

oval:org.secpod.oval:def:22594
Enable: 'Turn off game updates'

oval:org.secpod.oval:def:22591
This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.

oval:org.secpod.oval:def:28716
Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.If you disable this ...

oval:org.secpod.oval:def:28715
This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting, the Change Password button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.However, users are still able to change their password when prompted by the ...

oval:org.secpod.oval:def:28718
This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension un ...

oval:org.secpod.oval:def:28717
This policy setting allows you to permit or prohibit use of the Drive Maps preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabl ...

oval:org.secpod.oval:def:28719
When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 will attempt to use Kerberos by generating an SPN. This policy setting allows you to configure this server so that Kerberos can decryp ...

oval:org.secpod.oval:def:28721
This policy restricts users on a machine to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will b ...

oval:org.secpod.oval:def:28720
Specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.If this setting is enabled, all of the the policy settings listed in the Internet Communication settings section will be set such that their respective features can not access the Internet.If this s ...

oval:org.secpod.oval:def:28723
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.If you enable this setting, all of the the policy settings listed in the Internet Communication settings section are set such that their respective features cannot access the Int ...

oval:org.secpod.oval:def:28722
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) cloud.This policy setting forces computers to act as clients in peer-to-peer (P2P) scenarios. For example, a client computer can detect other computers to initiate chat sessio ...

oval:org.secpod.oval:def:28725
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the Turn off Program Compatibility Assistant setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibi ...

oval:org.secpod.oval:def:28724
Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the users Windows Marketplace Digital Locker.If you enable this setting, Digita ...

oval:org.secpod.oval:def:28705
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker.When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose Allow users to apply BitLocker protection ...

oval:org.secpod.oval:def:28704
This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications.You can use this Group Policy setting to grant access to all the computers to particular users ...

oval:org.secpod.oval:def:28707
This policy setting allows you to configure how the computers Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.Importa ...

oval:org.secpod.oval:def:28706
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier ...

oval:org.secpod.oval:def:28709
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first.This policy setting is applied when you turn on BitLocker.If you enable this policy setting, standard users will not be allo ...

oval:org.secpod.oval:def:28708
This policy setting allows you to configure how the computers Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.Importa ...

oval:org.secpod.oval:def:28710
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery.If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.If you disable this p ...

oval:org.secpod.oval:def:28712
This policy setting controls whether the lock screen appears for users.If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.If you disable or do not configure this policy setting, users that ar ...

oval:org.secpod.oval:def:28711
Prevents users from changing the background image shown when the machine is locked.By default, users can change the background image shown when the machine is locked.If you enable this setting, the user will not be able to change their lock screen image, and they will instead see the image set prior ...

oval:org.secpod.oval:def:28714
Prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.This setting prevents Windows Installer from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Inst ...

oval:org.secpod.oval:def:28713
This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation.If you enable this policy setting, you will be able to add additional settings, remove the default settings, or both.If you disable this policy setting, the computer will rev ...

oval:org.secpod.oval:def:28701
This policy setting requires users to enter a default personal identification number (PIN) to unlock and access data on the device after a specified period of inactivity (time-out period). This setting applies to Windows SideShow-compatible devices running Microsoft firmware.If you enable this polic ...

oval:org.secpod.oval:def:28700
Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart.If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed.If the status is set to Disabled or Not Confi ...

oval:org.secpod.oval:def:28703
This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policies, an audit event will be generated for every file that is backed up or restored.If the Audit: Audit the use of B ...

oval:org.secpod.oval:def:28702
This policy setting controls the Kerberos clients behavior in validating the KDC certificate. If you enable this policy setting, the Kerberos client requires that the KDCs X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the ...

oval:org.secpod.oval:def:29170
This policy setting allows desktop apps to be listed first in the Apps view in Start.If you enable this policy setting, desktop apps would be listed first when the apps are sorted by category in the Apps view. The other sorting options would continue to be available and the user could choose to chan ...

oval:org.secpod.oval:def:22535
Disable: 'Allow Basic authentication (Client)'

oval:org.secpod.oval:def:22533
Disable: 'Allow Basic authentication (Server)'

oval:org.secpod.oval:def:29174
This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. This setting only applies to users who are using multiple displays.If you enable this policy setting, the Start screen will appear on the display the user is using when they p ...

oval:org.secpod.oval:def:29175
This policy setting allows the Apps view to be opened by default when the user goes to Start.If you enable this policy setting, the Apps view will appear whenever the user goes to Start. Users will still be able to switch between the Apps view and the Start screen.If you disable or don?t configure ...

oval:org.secpod.oval:def:29172
This policy setting allows you to prevent users from changing their Start screen layout.If you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning\/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps.I ...

oval:org.secpod.oval:def:29173
This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view.This policy setting is only applied when the Apps view is set as the default view for Start.If you enable this policy setting, searching from the Apps view wi ...

oval:org.secpod.oval:def:29178
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.If you enable or do not configure this policy set ...

oval:org.secpod.oval:def:29179
This policy setting blocks voice and video calls during Quiet Hours.If you enable this policy setting, voice and video calls will be blocked during the designated Quiet Hours time window each day, and users will not be able to customize any other Quiet Hours settings.If you disable this policy setti ...

oval:org.secpod.oval:def:29176
Specifies the Start screen layout for users.This setting lets you specify the Start screen layout for users and prevents them from changing its configuration. The Start screen layout you specify must be stored in an XML file that was generated by the Export-StartLayout PowerShell cmdlet.To use this ...

oval:org.secpod.oval:def:29177
This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it.If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign ...

oval:org.secpod.oval:def:22528
Windows Customer Experience Improvement Program is disabled

oval:org.secpod.oval:def:22527
Requiring warning text to display when allowing helpdesk personnel to connect to a system with remote assistance ensures personnel are aware of the activity and enforces the need to monitor the activity.

oval:org.secpod.oval:def:29160
This policy setting allows you to specify the time of day at which to check for definition updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for definition updates ...

oval:org.secpod.oval:def:22522
'Configure use of hardware-based encryption for fixed data drives' for FDVHardwareEncryption

oval:org.secpod.oval:def:29169
This policy setting allows users to go to the desktop instead of the Start screen when they sign in, or when all the apps on a screen are closed. This policy setting applies to all versions of Windows, and versions of Windows Server with the Desktop Experience installed.If you enable this policy se ...

oval:org.secpod.oval:def:29163
This policy setting allows you to configure the automatic scan which starts after a definition update has occurred.If you enable or do not configure this setting, a scan will start following a definition update.If you disable this setting, a scan will not start following a definition update.

oval:org.secpod.oval:def:29164
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products, or additional data other than memory dumps.If you enable or do not configure this policy set ...

oval:org.secpod.oval:def:29167
This setting lets you configure how domain joined client computers become workplace joined with domain users at your organization.If this setting is enabled, domain-joined client computers will automatically become workplace-joined upon domain user logon.Note: Additional requirements may apply on ce ...

oval:org.secpod.oval:def:29168
This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. This prevents users from choosing not to use Work Folder ...

oval:org.secpod.oval:def:29165
If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days.The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs ...

oval:org.secpod.oval:def:29166
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store.Enabling this poli ...

oval:org.secpod.oval:def:22516
Choose drive encryption method and cipher strength

oval:org.secpod.oval:def:29158
This policy setting allows you to specify the day of the week on which to check for definition updates. The check can also be configured to run every day or to never run at all.This setting can be configured with the following ordinal number values:(0x0) Every Day (default)(0x1) Sunday (0x2) Monday( ...

oval:org.secpod.oval:def:29159
This policy setting allows you to specify an interval at which to check for definition updates. The time value is represented as the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day).If you enable this setting, checks for definition updates will occur ...

oval:org.secpod.oval:def:29152
This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: . The list is empty ...

oval:org.secpod.oval:def:22521
Allowing different input methods for sign-in could open different avenues of attack. User input methods must be restricted to those enabled for the system account at sign-in.

oval:org.secpod.oval:def:29153
This policy setting allows you to define the number of days after which a catch-up definition update will be required. By default, the value of this setting is 1 day.If you enable this setting, a catch-up definition update will occur after the specified number of days.If you disable or do not config ...

oval:org.secpod.oval:def:29150
This policy setting allows you to enable real-time definition updates in response to reports sent to Microsoft MAPS. If the service reports a file as an unknown and Microsoft MAPS finds that the latest definition update has definitions for a threat involving that file, the service will receive all o ...

oval:org.secpod.oval:def:29151
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur immediately after service startup.If you enable this setting, a check for new definitions will occur after service startup.If you disable this setting or do not configure this setting, a check f ...

oval:org.secpod.oval:def:29156
This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. Possible values are: ?InternalDefinitionUpdateServer?, ?Micr ...

oval:org.secpod.oval:def:29157
This policy setting allows you to configure definition updates on startup when there is no antimalware engine present.If you enable or do not configure this setting, definition updates will be initiated on startup when there is no antimalware engine present.If you disable this setting, definition up ...

oval:org.secpod.oval:def:29154
This policy setting allows you to define the number of days that must pass before spyware definitions are considered out of date. If definitions are determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a ...

oval:org.secpod.oval:def:29155
This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date. If definitions are determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a w ...

oval:org.secpod.oval:def:29149
This policy setting allows you to configure the antimalware service to receive notifications to disable individual definitions in response to reports it sends to Microsoft MAPS. Microsoft MAPS uses these notifications to disable definitions that are causing false positive reports. You must have conf ...

oval:org.secpod.oval:def:29147
This policy setting allows you to enable download of definition updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.If you enable this setting, definition updates will be downloaded from Microsoft Update.If you di ...

oval:org.secpod.oval:def:29148
This policy setting allows you to configure definition updates when the computer is running on battery power.If you enable or do not configure this setting, definition updates will occur as usual regardless of power state.If you disable this setting, definition updates will be turned off while the c ...

oval:org.secpod.oval:def:29141
This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. If you enable this sett ...

oval:org.secpod.oval:def:29142
This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. If you enable this set ...

oval:org.secpod.oval:def:29140
This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.If you enable or do not configure this setting, scheduled scans will only run when the computer is on but not in use.If you disable this setting, scheduled scans will run at the schedule ...

oval:org.secpod.oval:def:29145
This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed. By default, the valu ...

oval:org.secpod.oval:def:29146
This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by d ...

oval:org.secpod.oval:def:29143
This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (O ...

oval:org.secpod.oval:def:29144
This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics.If you enable or do not configure ...

oval:org.secpod.oval:def:22579
The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes.

oval:org.secpod.oval:def:22578
Allowing biometrics may bypass required authentication methods. Biometrics may only be used as an additional authentication factor where an enhanced strength of identity credential is necessary or desirable. Additional factors must be met per DoD policy.

oval:org.secpod.oval:def:22582
Enable: 'Allow Secure Boot for integrity validation'

oval:org.secpod.oval:def:22567
'Configure use of smart cards on fixed data drives' for FDVAllowUserCert

oval:org.secpod.oval:def:22576
This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted.

oval:org.secpod.oval:def:22575
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.

oval:org.secpod.oval:def:22571
Allowing unsecure RPC communication exposes the system to man in the middle attacks and data disclosure attacks. A man in the middle attack occurs when an intruder captures packets between a client and server and modifies them before allowing the packets to be exchanged. Usually the attacker will mo ...

oval:org.secpod.oval:def:22559
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates.

oval:org.secpod.oval:def:29192
Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.If you enable this policy setting, no access is allowed to any removable storag ...

oval:org.secpod.oval:def:29193
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication. If you enable this policy setting, the WinRM client will use CredSSP authentication. If you disable or do not configure this policy setting, then the WinRM client ...

oval:org.secpod.oval:def:29190
Removes the Pictures icon from the Start Menu.

oval:org.secpod.oval:def:29191
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is available.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. ...

oval:org.secpod.oval:def:29196
This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not, however, prevent an administrator or another application from ch ...

oval:org.secpod.oval:def:29197
This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm.If you enable this policy setting, you can view and change the list of DNS host names and DNS suffixes mapped to a Kerberos realm as defined by Group Policy. To view the list of mappi ...

oval:org.secpod.oval:def:29194
This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting, the transform file is saved in a secure location on the users computer.If you ...

oval:org.secpod.oval:def:29195
The ActiveX Installer Service is the solution to delegate the install of per-machine ActiveX controls to a Standard User in the enterprise.The list of Approved ActiveX Install sites contains the host URL and the policy settings for each host URL. Wild cards are not supported.

oval:org.secpod.oval:def:29198
Specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart.If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the installation is finished.If the status is set to Disabled or Not Configured, the default wai ...

oval:org.secpod.oval:def:29199
This policy setting deletes all data stored on Windows SideShow-compatible devices (running Microsoft firmware) when a user logs off from the computer. This is a security precaution but it significantly limits the usefulness of the devices.If you enable this policy setting, all data stored on device ...

oval:org.secpod.oval:def:22548
Enable: 'Do not enumerate connected users on domain-joined computers'

oval:org.secpod.oval:def:29181
Removes access to the performance center control panel solutions to performance problems.If you enable this setting, the solutions and issue section within the performance control panel page will not be displayed. The administrative tools will not be affected. If you disable or do not configure this ...

oval:org.secpod.oval:def:29182
System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their compu ...

oval:org.secpod.oval:def:29180
This policy setting turns off Quiet Hours functionality. If you enable this policy setting, toast notifications will not be suppressed and some background tasks will not be deferred during the designated Quiet Hours time window each day. If you disable this policy setting, toast notifi ...

oval:org.secpod.oval:def:29185
It is feasible for a attacker to disguise a Trojan horse program as a printer driver. The program may appear to users as if they must use it to print, but such a program could unleash malicious code on your computer network. To reduce the possibility of such an event, only administrators should be a ...

oval:org.secpod.oval:def:22554
'Configure use of hardware-based encryption for removable data drives' for RDVHardwareEncryption

oval:org.secpod.oval:def:29186
This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting, Remote Desktop Services uses the path specified in the Set path for Remote Desktop Services Roaming Us ...

oval:org.secpod.oval:def:29183
This policy setting prevents search queries from being stored in the registry. If you enable this policy setting, search suggestions based on previous searches won?t appear in the search pane. Search suggestions provided by apps or by Windows based on local content will still appear.If you disable o ...

oval:org.secpod.oval:def:29184
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstrap ...

oval:org.secpod.oval:def:29189
Removes the Help command from the Start menu.This setting only affects the Start menu. It does not remove the Help menu from Windows Explorer and does not prevent users from running Help.

oval:org.secpod.oval:def:29187
Directs the system to wait for the remote copy of the roaming user profile to load, even when loading is slow. Also, the system waits for the remote copy when the user is notified about a slow connection, but does not respond in the time allowed.This setting and related settings in this folder toget ...

oval:org.secpod.oval:def:29188
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature. If you disable or do not configure thi ...

oval:org.secpod.oval:def:22615
This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down.

oval:org.secpod.oval:def:22614
Turning off an inactive display supports energy saving initiatives. It may also extend availability on systems running on a battery.

oval:org.secpod.oval:def:22612
This policy setting determines the least number of characters that make up a password for a user account.

oval:org.secpod.oval:def:22610
Enable: 'Turn Off Internet File Association Service'

oval:org.secpod.oval:def:22619
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. Uses subcategory setting to override audit policy categories.

oval:org.secpod.oval:def:22618
Specify the 'Configure minimum PIN length for startup'

oval:org.secpod.oval:def:22606
The policy setting controls whether to audit users who have accessed the Security Accounts Manager (SAM) object on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22605
The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Creation.

oval:org.secpod.oval:def:22603
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Extended Mode settings.

oval:org.secpod.oval:def:22601
This policy setting audits Account Management events.

oval:org.secpod.oval:def:22609
This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy.

oval:org.secpod.oval:def:22608
This policy setting determines whether a computer can be shut down when a user is not logged on.

oval:org.secpod.oval:def:22607
This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password.

oval:org.secpod.oval:def:22659
This setting controls whether local administrators are allowed to create local firewall rules that apply with other firewall rules enforced by Group Policy.

oval:org.secpod.oval:def:22655
This option determines if this computer can receive unicast responses to multicast or broadcast messages that it initiates. Unsolicited unicast responses are blocked regardless of this setting.

oval:org.secpod.oval:def:22654
The Account Logon audit category generates events for credential validation. These events occur on the computer that is authoritative for the credentials.

oval:org.secpod.oval:def:22664
When Windows Defender detects software or changes by software not yet classified for risks, you see how other members responded to the alert. In turn, the action you apply help other members choose how to respond. Your actions also help Microsoft choose which software to investigate for potential th ...

oval:org.secpod.oval:def:22662
Specify the 'Network access: Shares that can be accessed anonymously'

oval:org.secpod.oval:def:22661
This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.

oval:org.secpod.oval:def:22647
Root certificates will not be updated automatically from Microsoft

oval:org.secpod.oval:def:22646
Remote Desktop Services is configured to allow an idle session limit no greater than 15 minutes

oval:org.secpod.oval:def:22644
This policy setting makes the Recovery Console SET command available.

oval:org.secpod.oval:def:22643
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection.

oval:org.secpod.oval:def:22653
This policy setting determines who is allowed to format and eject removable media.

oval:org.secpod.oval:def:22650
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and deploy the firewall policy by using a GPO, cannot receive subsequent Group Policy updates.

oval:org.secpod.oval:def:22639
The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:22638
The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in the SCE.

oval:org.secpod.oval:def:22637
This policy setting audits Distribution Group Management events.

oval:org.secpod.oval:def:22636
Select On to allow Windows Firewall to filter network traffic. Select Off to prevent Windows Firewall from using any firewall rules or connection security rules for this profile.

oval:org.secpod.oval:def:22635
This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access.

oval:org.secpod.oval:def:22634
The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with the DPAPI Activity.

oval:org.secpod.oval:def:22633
This policy setting in the System audit category determines whether to audit Security System Extension changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22632
When this policy setting is enabled, a domain controller must authenticate the domain account used to unlock the computer.

oval:org.secpod.oval:def:22642
Disable: 'Turn off Data Execution Prevention for Explorer'

oval:org.secpod.oval:def:22641
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection.

oval:org.secpod.oval:def:22640
Turn Off the "Order Prints" Picture Task

oval:org.secpod.oval:def:22628
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason.

oval:org.secpod.oval:def:22627
This policy setting in the System audit category determines whether to audit Other System events on computers that are running Windows Vista or later versions of Windows.

oval:org.secpod.oval:def:22626
Disable: 'Restrict Unauthenticated RPC clients'

oval:org.secpod.oval:def:22625
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason.

oval:org.secpod.oval:def:22624
When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key.

oval:org.secpod.oval:def:22623
Controls whether computer receives unicast responses to its outgoing multicast or broadcast messages.

oval:org.secpod.oval:def:22621
This policy setting determines which registry paths and sub-paths will be accessible when an application or process references the WinReg key to determine access permissions.

oval:org.secpod.oval:def:22629
This policy setting audits Other Account Management events.

oval:org.secpod.oval:def:22631
This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used.

oval:org.secpod.oval:def:22630
Enable: 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes'

oval:org.secpod.oval:def:22689
This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It targets application generated events.

oval:org.secpod.oval:def:22688
This policy setting in the System audit category determines whether to audit System Integrity changes on computers that are running Windows Vista.

oval:org.secpod.oval:def:22687
Network security: Force logoff when logon hours expire

oval:org.secpod.oval:def:22697
Enable: 'Turn Off Handwriting Reconition Error Reporting'

oval:org.secpod.oval:def:22695
Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Termination.

oval:org.secpod.oval:def:22694
Specify the 'Network access: Named Pipes that can be accessed anonymously'

oval:org.secpod.oval:def:22692
This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.

oval:org.secpod.oval:def:22678
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.

oval:org.secpod.oval:def:22677
Network security: Minimum session security for NTLM SSP based (including secure RPC) server applications.

oval:org.secpod.oval:def:22685
When this setting is configured to Enabled, users are not required to use the CTRL+ALT+DEL key combination to log on to the network.

oval:org.secpod.oval:def:22684
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:22683
This policy setting in the System audit category determines whether to audit IPsec Driver events on computers that are running Windows Vista.

oval:org.secpod.oval:def:22682
The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22681
Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.

oval:org.secpod.oval:def:22680
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:22667
Verify that the failure audit setting for 'Audit: Audit Policy Change' has been set appropriately.

oval:org.secpod.oval:def:22666
This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console

oval:org.secpod.oval:def:22665
Allow NTLM to fall back to NULL session when used with LocalSystem.

oval:org.secpod.oval:def:22675
Disable the Mapper I/O Driver AllowLLTDIOOnDomain, AllowLLTDIOOnPublicNet, EnableLLTDIO, and ProhibitLLTDIOOnPrivateNet settings

oval:org.secpod.oval:def:22673
This policy setting audits Application Group Management events.

oval:org.secpod.oval:def:22672
MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)

oval:org.secpod.oval:def:22670
Enable: 'Configure Solicited Remote Assistance'

oval:org.secpod.oval:def:22379
If this setting is enabled any additional data requests from Microsoft in response to a Windows Error Reporting event will be automatically declined without notice to the user.

oval:org.secpod.oval:def:22386
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when t ...

oval:org.secpod.oval:def:22385
Installation options for applications are typically controlled by administrators. This setting prevents users from changing installation options that may bypass security features.

oval:org.secpod.oval:def:22384
Enable: 'Allow Standby States (S1-S3) When Sleeping (On Battery)'

oval:org.secpod.oval:def:22382
Domain member: Maximum machine account password age

oval:org.secpod.oval:def:22369
This policy setting determines whether to disconnect users who are connected to the local computer outside their user accounts valid logon hours. It affects the SMB component.

oval:org.secpod.oval:def:22370
This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity.

oval:org.secpod.oval:def:22377
IPSec exemptions are limited

oval:org.secpod.oval:def:22375
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).

oval:org.secpod.oval:def:22374
This definition tests the maximum allowed size of the setup log is equal to or greater than the supplied value.

oval:org.secpod.oval:def:22373
This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.

oval:org.secpod.oval:def:22372
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection.

oval:org.secpod.oval:def:22371
The Screen Saver timeout setting should be configured correctly.

oval:org.secpod.oval:def:22358
Enable: 'Require domain users to elevate when setting a network's location'

oval:org.secpod.oval:def:22357
This policy setting determines the amount of time before previously scheduled Automatic Update installations will proceed after system startup.

oval:org.secpod.oval:def:22367
This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths.

oval:org.secpod.oval:def:22366
This policy setting in the DS Access audit category enables domain controllers to report detailed information about information that replicates between domain controllers.

oval:org.secpod.oval:def:22365
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:22364
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.

oval:org.secpod.oval:def:22363
This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.

oval:org.secpod.oval:def:22360
This policy setting determines the number of days that you must use a password before you can change it.

oval:org.secpod.oval:def:22355
Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.

oval:org.secpod.oval:def:22354
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason.

oval:org.secpod.oval:def:22353
Turn off shell protocol protected mode

oval:org.secpod.oval:def:22351
Disable: 'Configure Offer Remote Assistance'

oval:org.secpod.oval:def:22392
Specify the 'Account Lockout Threshold'

oval:org.secpod.oval:def:22390
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS)

oval:org.secpod.oval:def:22399
Enable: 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider'

oval:org.secpod.oval:def:22398
This policy setting controls the behavior of the elevation prompt for standard users on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:22396
This policy setting helps prevent Terminal Services clients from saving passwords on a computer.

oval:org.secpod.oval:def:22393
By default, all administrator accounts are displayed when you attempt to elevate a running application.

oval:org.secpod.oval:def:22489
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:22490
This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box.

oval:org.secpod.oval:def:22499
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands.

oval:org.secpod.oval:def:22498
Hiding the computer from the Browse List removes one method attackers might use to gether information about computers on the network.

oval:org.secpod.oval:def:22497
This policy setting specifies whether Windows will search Windows Update for device drivers when no local drivers for a device are present.

oval:org.secpod.oval:def:22495
This policy setting determines whether the system shuts down if it is unable to log Security events.

oval:org.secpod.oval:def:22493
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.

oval:org.secpod.oval:def:22479
This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Kernal Object access processes.

oval:org.secpod.oval:def:22478
This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP.

oval:org.secpod.oval:def:22480
Enable: 'Prohibit Access of the Windows Connect Now Wizards'

oval:org.secpod.oval:def:22486
This policy setting controls the behavior of the elevation prompt for administrators on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:22485
Control Event Log behavior when the log file reaches its maximum size (System)

oval:org.secpod.oval:def:22484
The policy setting for this audit category determines whether to audit Filtering Platform Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22483
This settings determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Other Object Access events.

oval:org.secpod.oval:def:22482
The policy setting for this audit category determines whether to audit Authorization Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22469
Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately.

oval:org.secpod.oval:def:22467
Media Player is configured to allow automatic checking for updates

oval:org.secpod.oval:def:22477
Enable: 'Troubleshooting: Allow user to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS)'

oval:org.secpod.oval:def:22476
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and deploy the firewall policy by using a GPO, cannot receive subsequent Group Policy updates.

oval:org.secpod.oval:def:22475
This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.

oval:org.secpod.oval:def:22472
Specifies whether or not the user is prompted for a password when the system resumes from sleep.

oval:org.secpod.oval:def:22471
This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to File System object access processes.

oval:org.secpod.oval:def:22470
Setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards.

oval:org.secpod.oval:def:22419
This setting applies to the Non Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.

oval:org.secpod.oval:def:22418
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection.

oval:org.secpod.oval:def:22417
Disable the Responder network protocol driver AllowRspndrOnDomain, AllowRspndrOnPublicNet, EnableRspndr, and ProhibitRspndrOnPrivateNet settings

oval:org.secpod.oval:def:22415
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.

oval:org.secpod.oval:def:22414
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the special settings defined in the Windows Vista Security Guide.

oval:org.secpod.oval:def:22413
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

oval:org.secpod.oval:def:22412
This policy setting determines if the server side SMB service is required to perform SMB packet signing.

oval:org.secpod.oval:def:22422
Turning off an inactive display supports energy saving initiatives. It may also extend availability on systems running on a battery.

oval:org.secpod.oval:def:22421
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:22420
The Detailed Tracking audit category determines whether to audit detailed tracking information for events, such as program activation, process exit, handle duplication, and indirect object access. This setting is focused on RPC events.

oval:org.secpod.oval:def:22407
Disable: 'Always Use Classic Logon'

oval:org.secpod.oval:def:22406
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:org.secpod.oval:def:22405
If this setting is enabled Windows Error Reporting events will not be logged to the system event log.

oval:org.secpod.oval:def:22404
This policy setting determines how network logons that use local accounts are authenticated.

oval:org.secpod.oval:def:22403
Disable: 'Control Event Log behavior when the log file reaches its maximum size' for Application

oval:org.secpod.oval:def:22402
This policy determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to the certification services processes.

oval:org.secpod.oval:def:22401
Enable: 'Do not send a Windows Error Report when a generic driver is installed on a device'

oval:org.secpod.oval:def:22409
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.

oval:org.secpod.oval:def:22411
Users must be aware of attempted program installations. This setting ensures users are notified if a web-based program attempts to install software.

oval:org.secpod.oval:def:22400
Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.

oval:org.secpod.oval:def:22459
Setting controls the auto-restart functionality of the operating system

oval:org.secpod.oval:def:22457
The entry appears as MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) in the SCE.

oval:org.secpod.oval:def:22456
Turn off handwriting personalization data sharing

oval:org.secpod.oval:def:22466
Enable: 'Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com'

oval:org.secpod.oval:def:22465
This policy setting controls whether application write failures are redirected to defined registry and file system locations.

oval:org.secpod.oval:def:22464
This subcategory is not used.

oval:org.secpod.oval:def:22462
Always install with elevated privileges

oval:org.secpod.oval:def:22461
This policy setting determines whether a user can log on to a Windows domain using cached account information.

oval:org.secpod.oval:def:22449
This settings determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Registry Object access events.

oval:org.secpod.oval:def:22445
This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

oval:org.secpod.oval:def:22453
Enable: 'Prevent device metadata retrieval from internet'

oval:org.secpod.oval:def:22452
Setting displays notifications to the user when a program is blocked from receiving inbound connections.

oval:org.secpod.oval:def:22451
This is an advanced security setting for the Windows Firewall that you can use to allow unicast responses on computers running Windows Vista or later.

oval:org.secpod.oval:def:22450
Audit the access of global system objects is disabled

oval:org.secpod.oval:def:22438
Enable: 'Network access: Do not allow storage of credentials or .NET Passports for network authentication'

oval:org.secpod.oval:def:22436
Disable: 'Reversible Password Encryption'

oval:org.secpod.oval:def:22435
This policy setting audits Computer Account Management events.

oval:org.secpod.oval:def:22444
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:22442
This policy setting in the DS Access audit category enables reports to result when changes to create, modify, move, or undelete operations are performed on objects in Active Directory Domain Services (AD DS).

oval:org.secpod.oval:def:22441
This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders.

oval:org.secpod.oval:def:22440
The system is configured to prevent name-release attacks

oval:org.secpod.oval:def:22429
Disable: 'Do not create system restore point when new device driver installed'

oval:org.secpod.oval:def:22428
Enable: 'Prevent the computer from joining a HomeGroup'

oval:org.secpod.oval:def:22427
This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing.

oval:org.secpod.oval:def:22426
This audit category generates events that record the creation and destruction of logon sessions. This setting targets IPsec Quick Mode settings.

oval:org.secpod.oval:def:22425
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. This setting is targeted to File Share access operations.

oval:org.secpod.oval:def:22423
Remote Desktop Services is not configured to use a common temporary folder for all sessions

oval:org.secpod.oval:def:22431
This policy setting determines how far in advance users are warned that their password will expire.

oval:org.secpod.oval:def:22599
Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.

oval:org.secpod.oval:def:22588
This policy will be turned off by default on domain joined machines. This would disallow the online identities to be able to authenticate to the domain joined machine in Windows 7.

oval:org.secpod.oval:def:22590
Verify that the failure audit setting for 'Audit File System' has been set appropriately.

oval:org.secpod.oval:def:22598
This policy setting in the System audit category determines whether to audit Security State changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22597
Disable: 'Prohibit installation and configuration of Network Bridge on your DNS domain network'

oval:org.secpod.oval:def:22596
Disable: 'Enable RPC Endpoint Mapper Client Authentication'

oval:org.secpod.oval:def:22595
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon-Logoff Account Lockout setting.

oval:org.secpod.oval:def:22593
The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.

oval:org.secpod.oval:def:22592
Enable: 'Default behavior for AutoRun'

oval:org.secpod.oval:def:22539
Specify the maximum log file size (KB) (System)

oval:org.secpod.oval:def:22538
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

oval:org.secpod.oval:def:22537
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:22536
Enable: 'Turn Off Microsoft Peer-to-Peer Networking Services'

oval:org.secpod.oval:def:22534
Enable: 'Turn Off Registration if URL Connection is Referring to Microsoft.com'

oval:org.secpod.oval:def:22542
This policy setting allows you to disable the client computers ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet.

oval:org.secpod.oval:def:22541
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.

oval:org.secpod.oval:def:22540
This policy setting in the DS Access audit category enables reports to result when Active Directory Domain Services (AD DS) objects are accessed.

oval:org.secpod.oval:def:22529
This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Handle Manipulation on Windows objects.

oval:org.secpod.oval:def:22526
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:22525
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:22524
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

oval:org.secpod.oval:def:22523
This policy setting determines what additional permissions are assigned for anonymous connections to the computer

oval:org.secpod.oval:def:22530
This policy setting controls the behavior of application installation detection for the computer.

oval:org.secpod.oval:def:22518
This setting enables the prevention of the execution of unsigned or invalidated applications. Before enabling this setting, it is essential that administrators are certain that all required applications are signed and valid.

oval:org.secpod.oval:def:22517
This policy setting determines whether packet signing is required by the SMB client component.

oval:org.secpod.oval:def:22515
Specify the 'MSS: (KeepAliveTime)How often keep-alive packets are sent in milliseconds'

oval:org.secpod.oval:def:22513
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption.

oval:org.secpod.oval:def:22511
This setting determines the behavior for inbound connections that do not match an inbound firewall rule.

oval:org.secpod.oval:def:22519
This policy setting for the DS Access audit category enables reports to result when replication between two domain controllers starts and ends.

oval:org.secpod.oval:def:22520
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon settings.

oval:org.secpod.oval:def:22507
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Main Mode settings.

oval:org.secpod.oval:def:22506
This policy setting determines whether a domain member can periodically change its computer account password.

oval:org.secpod.oval:def:22505
This policy setting audits logon events other than credential validation and Kerberos Ticket Events.

oval:org.secpod.oval:def:22504
Enable: 'Prevent indexing uncached Exchange folders'

oval:org.secpod.oval:def:22503
The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key

oval:org.secpod.oval:def:22502
Remote Desktop Services is configured to set a time limit for disconnected sessions

oval:org.secpod.oval:def:22501
This setting determines the behavior for outbound connections that do not match an outbound firewall rule.

oval:org.secpod.oval:def:22500
Enable: 'Allow remote access to the PnP interface'

oval:org.secpod.oval:def:22509
This policy setting allows the administrator account to automatically log on to the recovery console when it is invoked during startup.

oval:org.secpod.oval:def:22508
This policy setting audits Security Group Management events.

oval:org.secpod.oval:def:22510
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed.

oval:org.secpod.oval:def:22577
This audit category generates events that record the creation and destruction of logon sessions.

oval:org.secpod.oval:def:22586
The policy setting for this audit category determines whether to audit Other Policy Change events on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22585
Enable: 'Allow Standby States (S1-S3) When Sleeping (Plugged In)'

oval:org.secpod.oval:def:22584
Determines whether case insensitivity is enforced for all subsystems. Example is case insensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX) which are normally case sensitive.

oval:org.secpod.oval:def:22583
This policy setting determines the strength of the default discretionary access control list (DACL) for objects.

oval:org.secpod.oval:def:22581
Network security: Minimum session security for NTLM SSP based (including secure RPC) client applications.

oval:org.secpod.oval:def:22580
This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box.

oval:org.secpod.oval:def:22569
Disable: 'do not process the run once list'

oval:org.secpod.oval:def:22568
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.

oval:org.secpod.oval:def:22566
This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network.

oval:org.secpod.oval:def:22574
Enable: 'Turn on session logging'

oval:org.secpod.oval:def:22572
Route all traffic through the internal network

oval:org.secpod.oval:def:22570
This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

oval:org.secpod.oval:def:22557
6to4 State

oval:org.secpod.oval:def:22556
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares.

oval:org.secpod.oval:def:22555
Specify the maximum log file size (KB) (Security)

oval:org.secpod.oval:def:22565
Control Event Log behavior when the log file reaches its maximum size (Security)

oval:org.secpod.oval:def:22564
Specify the maximum log file size (KB) (Application)

oval:org.secpod.oval:def:22563
The policy setting for this audit category determines whether to audit MPSSVC Rule-Level Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:22562
This setting applies to the Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.

oval:org.secpod.oval:def:22561
The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) in the SCE.

oval:org.secpod.oval:def:22560
This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen.

oval:org.secpod.oval:def:22549
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.

oval:org.secpod.oval:def:22547
This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to dropped packet events by the Filtering Pl

oval:org.secpod.oval:def:22546
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system.

oval:org.secpod.oval:def:22545
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed.

oval:org.secpod.oval:def:22553
The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:22552
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to connections to the Filtering Platform.

oval:org.secpod.oval:def:22551
Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system. This setting will pre ...

oval:org.secpod.oval:def:22550
Password must meet complexity requirements.

oval:org.secpod.oval:def:22544
This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ...

oval:org.secpod.oval:def:22359
This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. The ...

oval:org.secpod.oval:def:22460
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password co ...

oval:org.secpod.oval:def:22616
This policy setting determines whether users can increase the base priority class of a process. (It is not a privileged operation to increase relative priority within a priority class.) This user right is not required by administrative tools that are supplied with the operating system but might be r ...

oval:org.secpod.oval:def:22679
This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories on computers that run Windows Vista in your environment. This user right also determines which users can set valid security principa ...

oval:org.secpod.oval:def:22362
This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users& ...

oval:org.secpod.oval:def:22492
This setting determines which users can change the time zone of the computer. This ability holds no great danger for the computer and may be useful for mobile workers. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Activ ...

oval:org.secpod.oval:def:22439
This policy setting determines which users or groups have the right to log on as a Terminal Services client. Remote desktop users require this user right. If your organization uses Remote Assistance as part of its help desk strategy, create a group and assign it this user right through Group Policy. ...

oval:org.secpod.oval:def:22430
The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user. If this user right is required for this kind of impersonation, an unauthorized user will not be able to convince a client to connect for ...

oval:org.secpod.oval:def:22613
This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Scheduler to schedule jobs need this user right. The Deny log on as a batch job user right ov ...

oval:org.secpod.oval:def:22620
This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB)?based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+). When configuring a user right i ...

oval:org.secpod.oval:def:22600
This policy setting allows users to shut down Windows Vista based computers from remote locations on the network. Anyone who has been assigned this user right can cause a denial of service (DoS) condition, which would make the computer unavailable to service user requests. Therefore, Microsoft recom ...

oval:org.secpod.oval:def:22663
This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory. Abuse of this privilege could allow unauthorized users to impersonate other users on the network. When configuring a user right in the SCM enter a comma delimited list of accounts ...

oval:org.secpod.oval:def:22652
This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user. When configuring a user right in the SCM enter a comma delimited list of ...

oval:org.secpod.oval:def:22651
This policy setting allows users to dynamically load a new device driver on a system. An attacker could potentially use this capability to install malicious code that appears to be a device driver. This user right is required for users to add local printers or printer drivers in Windows Vista. When ...

oval:org.secpod.oval:def:22690
This policy setting allows users who do not have the Traverse Folder access permission to pass through folders when they browse an object path in the NTFS file system or the registry. This user right does not allow users to list the contents of a folder. When configuring a user right in the SCM ent ...

oval:org.secpod.oval:def:22676
This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they c ...

oval:org.secpod.oval:def:22669
This policy setting allows users to circumvent file and directory permissions to back up the system. This user right is enabled only when an application (such as NTBACKUP) attempts to access a file or directory through the NTFS file system backup application programming interface (API). Otherwise, t ...

oval:org.secpod.oval:def:22668
This policy setting determines which users can interactively log on to computers in your environment. Logons that are initiated by pressing the CTRL+ALT+DEL key sequence on the client computer keyboard require this user right. Users who attempt to log on through Terminal Services or IIS also require ...

oval:org.secpod.oval:def:22381
This policy setting allows users to change the size of the pagefile. By making the pagefile extremely large or extremely small, an attacker could easily affect the performance of a compromised computer. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can ...

oval:org.secpod.oval:def:22387
This policy setting determines whether users can log on as Terminal Services clients. After the baseline member server is joined to a domain environment, there is no need to use local accounts to access the server from the network. Domain accounts can access the server for administration and end-use ...

oval:org.secpod.oval:def:22356
This policy setting determines which users who are logged on locally to the computers in your environment can shut down the operating system with the Shut Down command. Misuse of this user right can result in a denial of service condition. When configuring a user right in the SCM enter a comma deli ...

oval:org.secpod.oval:def:22394
This policy setting allows accounts to log on using the task scheduler service. Because the task scheduler is often used for administrative purposes, it may be needed in enterprise environments. However, its use should be restricted in high security environments to prevent misuse of system resources ...

oval:org.secpod.oval:def:22468
This user right is useful to kernel-mode components that extend the object namespace. However, components that run in kernel mode have this user right inherently. Therefore, it is typically not necessary to specifically assign this user right. When configuring a user right in the SCM enter a comma ...

oval:org.secpod.oval:def:22474
This policy setting determines which users can create symbolic links. In Windows Vista, existing NTFS file system objects, such as files and folders, can be accessed by referring to a new kind of file system object called a symbolic link. A symbolic link is a pointer (much like a shortcut or .lnk fi ...

oval:org.secpod.oval:def:22408
This policy setting determines which users or processes can generate audit records in the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. Fix: (1 ...

oval:org.secpod.oval:def:22410
This policy setting determines which users can change the auditing options for files and directories and clear the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, ...

oval:org.secpod.oval:def:22446
This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components. Developers who are debugging their own applications do not need to be assigned this user ...

oval:org.secpod.oval:def:22424
This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environments, there should be no need for remote users to access data on a computer. Instead, file sharing should be acc ...

oval:org.secpod.oval:def:22433
This policy setting determines which users can use tools to monitor the performance of non-system processes. Typically, you do not need to configure this user right to use the Microsoft Management Console (MMC) Performance snap-in. However, you do need this user right if System Monitor is configured ...

oval:org.secpod.oval:def:22432
This privilege determines which user accounts can increase or decrease the size of a process's working set. Default: Users The working set of a process is the set of memory pages currently visible to the process in physical RAM memory. These pages are resident and available for an applicatio ...

oval:org.secpod.oval:def:22532
This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges. When configuring a user right in the SCM enter a comma ...

oval:org.secpod.oval:def:22531
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. When configu ...

oval:org.secpod.oval:def:22604
This policy setting allows users to manage the system's volume or disk configuration, which could allow a user to delete a volume and cause data loss as well as a denial-of-service condition. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be eit ...

oval:org.secpod.oval:def:22657
This security setting allows a security principal to log on as a service. Services can be configured to run under the Local System, Local Service, or Network Service accounts, which have a built in right to log on as a service. Any service that runs under a separate user account must be assigned the ...

oval:org.secpod.oval:def:22645
This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration. Modification of these values and could lead to a hardware failure that would result in a denial of servic ...

oval:org.secpod.oval:def:22458
This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or c ...

oval:org.secpod.oval:def:22448
This policy setting allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. If this user right is assigned, significant degradation of system performance can occur. When configuring a user right in the SCM enter a comma delimited l ...

oval:org.secpod.oval:def:22447
This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment. Users who are assigned this user right can affect the appearance of event logs. When a computer's time setting is changed, logged events reflect the new ...

oval:org.secpod.oval:def:22587
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies.Important:If you apply this security policy to the Everyone group, no one will be able to log o ...

oval:org.secpod.oval:def:22573
This policy setting allows a user to adjust the maximum amount of memory that is available to a process. The ability to adjust memory quotas is useful for system tuning, but it can be abused. In the wrong hands, it could be used to launch a denial of service (DoS) attack. When configuring a user ri ...

oval:org.secpod.oval:def:22512
This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain unavailable. If the value for this policy setting is configured to 0, lo ...

oval:org.secpod.oval:def:22543
This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset time must be less than or equal to the value for the Account lockout duration setti ...

oval:org.secpod.oval:def:22558
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If ...

oval:org.secpod.oval:def:22660
This subcategory reports generated by Kerberos ticket request processes on the domain controller that is authoritative for the domain account. Events for this subcategory include: ? 4769: A Kerberos service ticket was requested. ? 4770: A Kerberos service ticket was renewed. ? 4773: A Kerberos servi ...

CPE    1
cpe:/o:microsoft:windows_8.1
CCE    2071
CCE-33166-0
CCE-34569-4
CCE-34885-4
CCE-33625-5
...
*XCCDF
xccdf_org.secpod_benchmark_general_Windows_8_1

© 2013 SecPod Technologies