This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention. This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command. If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run. Vulnerability: Disabling or not configuring this setting may compromise security as malware may be executed without the user's approval. Counter Measure: Enable this setting. Potential Impact: Autorun commands will not start automatically. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Set the default behavior for AutoRun (2) REG: NO INFO