Restrict Unauthenticated RPC clients

Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)

Microsoft Support Diagnostic Tool

Microsoft Support Diagnostic Tool: Configure execution level

Microsoft Support Diagnostic Tool: Restrict tool download

Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider

Troubleshooting: Allow users to access recommended troubleshooting for known problems

MSI Corrupted File Recovery

Configure MSI Corrupted File Recovery Behavior

Scheduled Maintenance

Configure Scheduled Maintenance Behavior

Scripted Diagnostics

Configure Security Policy for Scripted Diagnostics

Troubleshooting: Allow users to access and run Troubleshooting Wizards

Windows Boot Performance Diagnostics

Windows Memory Leak Diagnosis

Windows Performance PerfTrack

Enable/Disable PerfTrack

Windows Resource Exhaustion Detection and Resolution

Windows Shutdown Performance Diagnostics

Windows Standby/Resume Performance Diagnostics

Windows System Responsiveness Performance Diagnostics

Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])

Diagnostics: Configure scenario execution level

Diagnostics: Configure scenario retention

Trusted Platform Module Services

Configure the level of TPM owner authorization information available to the operating system

Configure the list of blocked TPM commands

Configure the system to clear the TPM if it is not in a ready state.

Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.

Ignore the default list of blocked TPM commands

Ignore the local list of blocked TPM commands

Standard User Individual Lockout Threshold

Standard User Lockout Duration

Standard User Total Lockout Threshold

Turn on TPM backup to Active Directory Domain Services

User Profiles

Add the Administrators security group to roaming user profiles

Control slow network connection timeout for user profiles

Delete cached copies of roaming profiles

Delete user profiles older than a specified number of days on system restart

Disable detection of slow network connections

Do not check for user ownership of Roaming Profile Folders

Do not forcefully unload the users registry at user logoff

Do not log users on with temporary profiles

Download roaming profiles on primary computers only

Establish timeout value for dialog boxes

Leave Windows Installer and Group Policy Software Installation Data

Maximum retries to unload and update user profile

Only allow local user profiles

Prevent Roaming Profile changes from propagating to the server

Prompt user when a slow network connection is detected

Set maximum wait time for the network if a user has a roaming user profile or remote home directory

Set roaming profile path for all users logging onto this computer

Set the schedule for background upload of a roaming user profile's registry file while user is logged on

Set user home folder

Turn off the advertising ID

User management of sharing user name, account picture, and domain information with apps (not desktop apps)

Wait for remote user profile

Windows File Protection

Hide the file scan progress window

Limit Windows File Protection cache size

Set Windows File Protection scanning

Specify Windows File Protection cache location

Windows Time Service

Time Providers

Configure Windows NTP Client

Enable Windows NTP Client

Enable Windows NTP Server

Global Configuration Settings

Activate Shutdown Event Tracker System State Data feature

Allow Distributed Link Tracking clients to use domain resources

Display highly detailed status messages

Display Shutdown Event Tracker

Do not automatically encrypt files moved to encrypted folders

Do not display Manage Your Server page at logon

Do not turn off system power after a Windows system shutdown has occurred.

Download missing COM components

Enable Persistent Time Stamp

Remove Boot / Shutdown / Logon / Logoff status messages

Restrict potentially unsafe HTML Help functions to specified folders

Restrict these programs from being launched from Help

Specify settings for optional component installation and component repair

Specify Windows installation file location

Specify Windows Service Pack installation file location

Turn off Data Execution Prevention for HTML Help Executible

Windows Components

ActiveX Installer Service

ActiveX installation policy for sites in Trusted zones

Approved Installation Sites for ActiveX Controls

Add features to Windows 8.1

Prevent the wizard from running.

Application Compatibility

Prevent access to 16-bit applications

Remove Program Compatibility Property Page

Turn off Application Compatibility Engine

Turn off Application Telemetry

Turn off Inventory Collector

Turn off Program Compatibility Assistant

Turn off Steps Recorder

Turn off SwitchBack Compatibility Engine

App Package Deployment

Allow all trusted apps to install

Allow a Windows app to share application data between users

Allow deployment operations in special profiles

Allows development of Windows Store apps and installing them from an integrated development environment (IDE)

Disable installing Windows apps on non-system volumes

Prevent non-admin users from installing packaged Windows apps

Prevent users' app data from being stored on non-system volumes

App Privacy

Let Windows apps access account information

Let Windows apps access an eye tracker device

Let Windows apps access call history

Let Windows apps access contacts

Let Windows apps access diagnostic information about other apps

Let Windows apps access email

Let Windows apps access location

Let Windows apps access messaging

Let Windows apps access motion

Let Windows apps access notifications

Let Windows apps access Tasks

Let Windows apps access the calendar

Let Windows apps access the camera

Let Windows apps access the microphone

Let Windows apps access trusted devices

Let Windows apps access user movements while running in the background

Let Windows apps activate with voice

Let Windows apps activate with voice while the system is locked

Let Windows apps communicate with unpaired devices

Let Windows apps control radios

Let Windows apps make phone calls

Let Windows apps run in the background

App runtime

Allow Microsoft accounts to be optional

Block launching desktop apps associated with a file.

Block launching desktop apps associated with a URI scheme

Block launching Universal Windows apps with Windows Runtime API access from hosted content.

Turn on dynamic Content URI Rules for Windows store apps

AutoPlay Policies

Default behavior for AutoRun

Don't set the always do this checkbox

Turn off Autoplay for non-volume devices

Turn off Autoplay

Backup

Client

Prevent backing up to local disks

Prevent backing up to network location

Prevent backing up to optical media (CD/DVD)

Prevent the user from running the Backup Status and Configuration program

Turn off restore functionality

Turn off the ability to back up data files

Turn off the ability to create a system image

Server

Allow only system backup

Disallow locally attached storage as backup target

Disallow network as backup target

Disallow optical media as backup target

Disallow run-once backups

Allow domain users to log on using biometrics

Allow the use of biometrics

Allow users to log on using biometrics

Specify timeout for fast user switching events

BitLocker Drive Encryption

Fixed Data Drives

Allow access to BitLocker-protected fixed data drives from earlier versions of Windows

Choose how BitLocker-protected fixed drives can be recovered

Configure use of hardware-based encryption for fixed data drives

Configure use of passwords for fixed data drives

Configure use of smart cards on fixed data drives

Deny write access to fixed drives not protected by BitLocker

Enforce drive encryption type on fixed data drives

Operating System Drives

Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.

Allow enhanced PINs for startup

Allow network unlock at startup

Allow Secure Boot for integrity validation

Choose how BitLocker-protected operating system drives can be recovered

Configure minimum PIN length for startup

Configure pre-boot recovery message and URL

Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)

Configure TPM platform validation profile for BIOS-based firmware configurations

Configure TPM platform validation profile for native UEFI firmware configurations

Configure use of hardware-based encryption for operating system drives

Configure use of passwords for operating system drives

Disallow standard users from changing the PIN or password

Enable use of BitLocker authentication requiring preboot keyboard input on slates

Enforce drive encryption type on operating system drives

Require additional authentication at startup (Windows Server 2008 and Windows Vista)

Require additional authentication at startup

Reset platform validation data after BitLocker recovery

Use enhanced Boot Configuration Data validation profile

Removable Data Drives

Allow access to BitLocker-protected removable data drives from earlier versions of Windows

Choose how BitLocker-protected removable drives can be recovered

Configure use of hardware-based encryption for removable data drives

Configure use of passwords for removable data drives

Configure use of smart cards on removable data drives

Control use of BitLocker on removable drives

Deny write access to removable drives not protected by BitLocker

Enforce drive encryption type on removable data drives

Choose default folder for recovery password

Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)

Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)

Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)

Disable new DMA devices when this computer is locked

Prevent memory overwrite on restart

Provide the unique identifiers for your organization

Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)

Validate smart card certificate usage rule compliance

Camera

Allow Use of Camera

Cloud Content

Do not show Windows tips

Turn off cloud optimized content

Turn off Microsoft consumer experiences

Connect

Don't allow this PC to be projected to

Require pin for pairing

Credential User Interface

Do not display the password reveal button

Enumerate administrator accounts on elevation

Prevent the use of security questions for local accounts

Require trusted path for credential entry

Data Collection and Preview Builds

Allow commercial data pipeline

Allow Desktop Analytics Processing

Allow device name to be sent in Windows diagnostic data

Allow Telemetry

Allow Update Compliance Processing

Allow WUfB Cloud Processing

Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service

Configure collection of browsing data for Desktop Analytics

Configure Connected User Experiences and Telemetry

Configure diagnostic data upload endpoint for Desktop Analytics

Configure telemetry opt-in change notifications.

Configure telemetry opt-in setting user interface.

Configure the Commercial ID

Disable deleting diagnostic data

Disable diagnostic data viewer.

Disable OneSettings Downloads

Disable pre-release features or settings

Do not show feedback notifications

Enable OneSettings Auditing

Limit Enhanced diagnostic data to the minimum required by Windows Analytics

Toggle user control over Insider builds

Delivery Optimization

Absolute Max Cache Size (in GB)

Allow uploads while the device is on battery while under set Battery level (percentage)

Cache Server Hostname

Cache Server Hostname Source

Delay Background download Cache Server fallback (in seconds)

Delay background download from http (in secs)

Delay Foreground download Cache Server fallback (in seconds)

Delay Foreground download from http (in secs)

Download Mode

Enable Peer Caching while the device connects via VPN

Group ID

Max Cache Age (in seconds)

Max Cache Size (percentage)

Maximum Background Download Bandwidth (in KB/s)

Maximum Background Download Bandwidth (percentage)

Maximum Download Bandwidth (in KB/s)

Maximum Download Bandwidth (percentage)

Maximum Foreground Download Bandwidth (in KB/s)

Maximum Foreground Download Bandwidth (percentage)

Max Upload Bandwidth (in KB/s)

Minimum Background QoS (in KB/s)

Minimum disk size allowed to use Peer Caching (in GB)

Minimum Peer Caching Content File Size (in MB)

Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)

Modify Cache Drive

Monthly Upload Data Cap (in GB)

Select a method to restrict Peer Selection

Select the source of Group IDs

Set Business Hours to Limit Background Download Bandwidth

Set Business Hours to Limit Foreground Download Bandwidth

Restrict unpacking and installation of gadgets that are not digitally signed.

Turn off desktop gadgets

Turn Off user-installed desktop gadgets

Desktop Window Manager

Window Frame Coloring

Do not allow color changes

Specify a default color

Do not allow Flip3D invocation

Do not allow window animations

Use solid color for Start background

Device and Driver Compatibility

Device compatibility settings

Driver compatibility settings

Device Registration

Digital Locker

Do not allow Digital Locker to run

Edge UI

Allow edge swipe

Disable help tips

Event Forwarding

Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager

ForwarderResourceUsage

Event Logging

Enable Protected Event Logging

Event Log Service

Application

Configure log access

Control Event Log behavior when the log file reaches its maximum size

Security

Configure log access

Control Event Log behavior when the log file reaches its maximum size

Setup

Configure log access

Control Event Log behavior when the log file reaches its maximum size

Turn on logging

System

Configure log access

Control Event Log behavior when the log file reaches its maximum size

Hide previous versions list for local files

Hide previous versions list for remote files

Hide previous versions of files on backup location

Prevent restoring local previous versions

Prevent restoring previous versions from backups

Prevent restoring remote previous versions

Allow the use of remote paths in file shortcut icons

Disable binding directly to IPropertySetStorage without intermediate layers.

Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time

Do not show the 'new application installed' notification

Location where all default Library definition files for users/machines reside.

Set a default associations configuration file

Set a support web page link

Show hibernate in the power options menu

Show lock in the user tile menu

Show sleep in the power options menu

Start File Explorer with ribbon minimized

Turn off Data Execution Prevention for Explorer

Turn off heap termination on corruption

Turn off numerical sorting in File Explorer

Turn off shell protocol protected mode

Verify old and new Folder Redirection targets point to the same share before redirecting

File History

Turn off File History

Find My Device

Turn On/Off Find My Device

Game Explorer

Turn off downloading of game information

Turn off game updates

Turn off tracking of last play time of games in the Games folder

Handwriting

Handwriting Panel Default Mode Docked

HomeGroup

Prevent the computer from joining a homegroup

Internet Explorer

Accelerators

Add default Accelerators

Add non-default Accelerators

Restrict Accelerators to those deployed through Group Policy

Turn off Accelerators

Application Compatibility

Clipboard access

Bypass prompting for Clipboard access for scripts running in any process

Bypass prompting for Clipboard access for scripts running in the Internet Explorer process

Define applications and processes that can access the Clipboard without prompting

Turn off Print Menu

Turn off the ability to launch report site problems using a menu option

Compatibility View

Include updated website lists from Microsoft

Turn off Compatibility View button

Turn off Compatibility View

Turn on Internet Explorer 7 Standards Mode

Turn on Internet Explorer Standards Mode for local intranet

Use Policy List of Internet Explorer 7 sites

Use Policy List of Quirks Mode sites

Corporate Settings

Code Download

Prevent specifying the code download path for each computer

Allow deleting browsing history on exit

Disable "Configuring History"

Prevent access to Delete Browsing History

Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data

Prevent deleting cookies

Prevent deleting download history

Prevent deleting favorites site data

Prevent deleting form data

Prevent deleting InPrivate Filtering data

Prevent deleting passwords

Prevent deleting temporary Internet files

Prevent deleting websites that the user has visited

Prevent the deletion of temporary Internet files and cookies

Internet Control Panel

Advanced Page

Allow active content from CDs to run on user machines

Allow Install On Demand (except Internet Explorer)

Allow Install On Demand (Internet Explorer)

Allow Internet Explorer to use the HTTP2 network protocol

Allow Internet Explorer to use the SPDY/3 network protocol

Allow software to run or install even if the signature is invalid

Allow third-party browser extensions

Always send Do Not Track header

Automatically check for Internet Explorer updates

Check for server certificate revocation

Check for signatures on downloaded programs

Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled

Do not allow resetting Internet Explorer settings

Do not save encrypted pages to disk

Empty Temporary Internet Files folder when browser is closed

Play animations in web pages

Play sounds in web pages

Play videos in web pages

Turn off ClearType

Turn off encryption support

Turn off loading websites and content in the background to optimize performance

Turn off Profile Assistant

Turn off sending UTF-8 query strings for URLs

Turn off the flip ahead with page prediction feature

Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows

Turn on Caret Browsing support

Turn on Enhanced Protected Mode

Use HTTP 1.1 through proxy connections

Use HTTP 1.1

Content Page

Show Content Advisor on Internet Options

General Page

Browsing History

Allow websites to store application caches on client computers

Allow websites to store indexed databases on client computers

Set application caches expiration time limit for individual domains

Set application cache storage limits for individual domains

Set default storage limits for websites

Set indexed database storage limits for individual domains

Set maximum application cache individual resource size

Set maximum application cache resource list size

Set maximum application caches storage limit for all domains

Set maximum indexed database storage limit for all domains

Start Internet Explorer with tabs from last browsing session

Security Page

Internet Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Intranet Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Local Machine Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Internet Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Intranet Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Local Machine Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Restricted Sites Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Trusted Sites Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Restricted Sites Zone

Access data sources across domains

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Trusted Sites Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Internet Zone Template

Intranet Sites: Include all local (intranet) sites not listed in other zones

Intranet Sites: Include all network paths (UNCs)

Intranet Sites: Include all sites that bypass the proxy server

Intranet Zone Template

Local Machine Zone Template

Locked-Down Internet Zone Template

Locked-Down Intranet Zone Template

Locked-Down Local Machine Zone Template

Locked-Down Restricted Sites Zone Template

Locked-Down Trusted Sites Zone Template

Restricted Sites Zone Template

Site to Zone Assignment List

Trusted Sites Zone Template

Turn on automatic detection of intranet

Turn on certificate address mismatch warning

Turn on Notification bar notification for intranet content

Disable the Advanced page

Disable the Connections page

Disable the Content page

Disable the General page

Disable the Privacy page

Disable the Programs page

Disable the Security page

Prevent ignoring certificate errors

Send internationalized domain names

Use UTF-8 for mailto links

Internet Settings

Advanced settings

Browsing

Go to an intranet site for a one-word entry in the Address bar

Turn off phone number detection

Multimedia

Allow Internet Explorer to play media files that use alternative codecs

Searching

Prevent configuration of search on Address bar

Prevent configuration of top-result search on Address bar

Help Menu > About Internet Explorer

Prevent specifying cipher strength update information URLs

Periodic check for updates to Internet Explorer and Internet Tools

Prevent changing the URL for checking updates to Internet Explorer and Internet Tools

Prevent specifying the update check interval (in days)

Establish InPrivate Filtering threshold

Establish Tracking Protection threshold

Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts

Turn off collection of InPrivate Filtering data

Turn off InPrivate Browsing

Turn off InPrivate Filtering

Turn off Tracking Protection

Security Features

Add-on Management

Add-on List

All Processes

Deny all add-ons unless specifically allowed in the Add-on List

Process List

Remove "Run this time" button for outdated ActiveX controls in Internet Explorer

Turn off blocking of outdated ActiveX controls for Internet Explorer

Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains

Turn on ActiveX control logging in Internet Explorer

Allow native XMLHTTP support

Change the maximum number of connections per host (HTTP 1.1)

Maximum number of connections per server (HTTP 1.0)

Set the maximum number of WebSocket connections per server

Turn off cross-document messaging

Turn off the WebSocket Object

Turn off the XDomainRequest object

Binary Behavior Security Restriction

Admin-approved behaviors

All Processes

Install binaries signed by MD2 and MD4 signing technologies

Process List

Consistent Mime Handling

All Processes

Process List

Local Machine Zone Lockdown Security

All Processes

Process List

Mime Sniffing Safety Feature

All Processes

Process List

MK Protocol Security Restriction

All Processes

Process List

Network Protocol Lockdown

Restricted Protocols Per Security Zone

Internet Zone Restricted Protocols

Intranet Zone Restricted Protocols

Local Machine Zone Restricted Protocols

Restricted Sites Zone Restricted Protocols

Trusted Sites Zone Restricted Protocols

All Processes

Process List

Notification bar

All Processes

Process List

Object Caching Protection

All Processes

Process List

Protection From Zone Elevation

All Processes

Process List

Restrict ActiveX Install

All Processes

Process List

Restrict File Download

All Processes

Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed

Process List

Scripted Window Security Restrictions

All Processes

Internet Explorer Processes

Process List

Allow fallback to SSL 3.0 (Internet Explorer)

Do not display the reveal password button

Turn off Data Execution Prevention

Turn off Data URI support

Customize command labels

Display tabs on a separate row

Hide the Command bar

Hide the status bar

Lock all toolbars

Lock location of Stop and Refresh buttons

Turn off Developer Tools

Turn off toolbar upgrade tool

Use large icons for command buttons

Add a specific list of search providers to the user's list of search providers

Allow "Save Target As" in Internet Explorer mode

Allow Internet Explorer 8 shutdown behavior

Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar

Automatically activate newly installed add-ons

Configure which channel of Microsoft Edge to use for opening redirected sites

Customize user agent string

Disable Automatic Install of Internet Explorer components

Disable changing Automatic Configuration settings

Disable changing connection settings

Disable changing secondary home page settings

Disable Import/Export Settings wizard

Disable Internet Explorer 11 as a standalone browser

Disable Periodic Check for Internet Explorer software updates

Disable showing the splash screen

Disable software update shell notifications on program launch

Do not allow users to enable or disable add-ons

Enable extended hot keys in Internet Explorer mode

Enable global window list in Internet Explorer mode

Enforce full-screen mode

Hide Internet Explorer 11 retirement notification

Install new versions of Internet Explorer automatically

Keep all intranet sites in Internet Explorer

Let users turn on and use Enterprise Mode from the Tools menu

Limit Site Discovery output by Domain

Limit Site Discovery output by Zone

Make proxy settings per-machine (rather than per-user)

Pop-up allow list

Prevent "Fix settings" functionality

Prevent access to Internet Explorer Help

Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet

Prevent bypassing SmartScreen Filter warnings

Prevent changing pop-up filter level

Prevent changing proxy settings

Prevent changing the default search provider

Prevent configuration of how windows open

Prevent configuration of new tab creation

Prevent Internet Explorer Search box from appearing

Prevent managing pop-up exception list

Prevent managing SmartScreen Filter

Prevent managing the phishing filter

Prevent participation in the Customer Experience Improvement Program

Prevent per-user installation of ActiveX controls

Prevent running First Run wizard

Reset zoom to default for HTML dialogs in Internet Explorer mode

Restrict search providers to a specific list

Security Zones: Do not allow users to add/delete sites

Security Zones: Do not allow users to change policies

Security Zones: Use only machine settings

Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.

Set tab process growth

Show message when opening sites in Microsoft Edge using Enterprise Mode

Specify default behavior for a new tab

Specify use of ActiveX Installer Service for installation of ActiveX controls

Turn off ability to pin sites in Internet Explorer on the desktop

Turn off ActiveX Opt-In prompt

Turn off add-on performance notifications

Turn off Automatic Crash Recovery

Turn off browser geolocation

Turn off configuration of pop-up windows in tabbed browsing

Turn off Crash Detection

Turn off Favorites bar

Turn off Managing SmartScreen Filter for Internet Explorer 8

Turn off page-zooming functionality

Turn off pop-up management

Turn off Quick Tabs functionality

Turn off Reopen Last Browsing Session

Turn off suggestions for all user-installed providers

Turn off tabbed browsing

Turn off the auto-complete feature for web addresses

Turn off the quick pick menu

Turn off the Security Settings Check feature

Turn on ActiveX Filtering

Turn on compatibility logging

Turn on menu bar by default

Turn on Site Discovery WMI output

Turn on Site Discovery XML output

Turn on Suggested Sites

Use the Enterprise Mode IE website list

Internet Information Services

Prevent IIS installation

Location and Sensors

Windows Location Provider

Turn off Windows Location Provider

Turn off location

Turn off location scripting

Turn off sensors

Maintenance Scheduler

Automatic Maintenance Activation Boundary

Automatic Maintenance Random Delay

Automatic Maintenance WakeUp Policy

Turn off Automatic Download and Update of Map Data

Turn off unsolicited network traffic on the Offline Maps settings page

Disable MDM Enrollment

Enable automatic MDM enrollment using default Azure AD credentials

Messaging

Allow Message Service Cloud Sync

Microsoft account

Block all consumer Microsoft account user authentication

Microsoft Defender Antivirus

Client Interface

Display additional text to clients when they need to perform an action

Enable headless UI mode

Suppress all notifications

Suppresses reboot notifications

Device Control

Define device control policy groups

Define device control policy rules

Exclusions

Extension Exclusions

Path Exclusions

Process Exclusions

Turn off Auto Exclusions

Configure local setting override for reporting to Microsoft MAPS

Configure the 'Block at First Sight' feature

Join Microsoft MAPS

Send file samples when further analysis is required

Microsoft Defender Exploit Guard

Attack Surface Reduction

Configure Attack Surface Reduction rules

Exclude files and paths from Attack Surface Reduction Rules

Controlled Folder Access

Configure allowed applications

Configure Controlled folder access

Configure protected folders

Network Protection

Prevent users and apps from accessing dangerous websites

Configure extended cloud check

Enable file hash computation feature

Select cloud protection level

Network Inspection System

Exclusions

IP address range Exclusions

Port number Exclusions

Process Exclusions for outbound traffic

Threat ID Exclusions

Define the rate of detection events for logging

Specify additional definition sets for network traffic inspection

Turn on definition retirement

Turn on protocol recognition

Quarantine

Configure local setting override for the removal of items from Quarantine folder

Configure removal of items from Quarantine folder

Real-time Protection

Configure local setting override for monitoring file and program activity on your computer

Configure local setting override for monitoring for incoming and outgoing file activity

Configure local setting override for scanning all downloaded files and attachments

Configure local setting override for turn on behavior monitoring

Configure local setting override to turn off Intrusion Prevention System

Configure local setting override to turn on real-time protection

Configure monitoring for incoming and outgoing file and program activity

Define the maximum size of downloaded files and attachments to be scanned

Monitor file and program activity on your computer

Scan all downloaded files and attachments

Turn off real-time protection

Turn on behavior monitoring

Turn on Information Protection Control

Turn on network protection against exploits of known vulnerabilities

Turn on process scanning whenever real-time protection is enabled

Turn on raw volume write notifications

Remediation

Configure local setting override for the time of day to run a scheduled full scan to complete remediation

Specify the day of the week to run a scheduled full scan to complete remediation

Specify the time of day to run a scheduled full scan to complete remediation

Reporting

Configure time out for detections in critically failed state

Configure time out for detections in non-critical failed state

Configure time out for detections in recently remediated state

Configure time out for detections requiring additional action

Configure Watson events

Configure Windows software trace preprocessor components

Configure WPP tracing level

Turn off enhanced notifications

Allow users to pause scan

Check for the latest virus and spyware security intelligence before running a scheduled scan

Configure local setting override for maximum percentage of CPU utilization

Configure local setting override for scheduled quick scan time

Configure local setting override for scheduled scan time

Configure local setting override for schedule scan day

Configure local setting override for the scan type to use for a scheduled scan

Configure low CPU priority for scheduled scans

Create a system restore point

Define the number of days after which a catch-up scan is forced

Run full scan on mapped network drives

Scan archive files

Scan network files

Scan packed executables

Scan removable drives

Specify the day of the week to run a scheduled scan

Specify the interval to run quick scans per day

Specify the maximum depth to scan archive files

Specify the maximum percentage of CPU utilization during a scan

Specify the maximum size of archive files to be scanned

Specify the scan type to use for a scheduled scan

Specify the time for a daily quick scan

Specify the time of day to run a scheduled scan

Start the scheduled scan only when computer is on but not in use

Turn on catch-up full scan

Turn on catch-up quick scan

Turn on e-mail scanning

Turn on heuristics

Turn on removal of items from scan history folder

Turn on reparse point scanning

Security Intelligence Updates

Allow notifications to disable security intelligence based reports to Microsoft MAPS

Allow real-time security intelligence updates based on reports to Microsoft MAPS

Allow security intelligence updates from Microsoft Update

Allow security intelligence updates when running on battery power

Check for the latest virus and spyware security intelligence on startup

Define file shares for downloading security intelligence updates

Define security intelligence location for VDI clients.

Define the number of days after which a catch-up security intelligence update is required

Define the number of days before spyware security intelligence is considered out of date

Define the number of days before virus security intelligence is considered out of date

Define the order of sources for downloading security intelligence updates

Initiate security intelligence update on startup

Specify the day of the week to check for security intelligence updates

Specify the interval to check for security intelligence updates

Specify the time to check for security intelligence updates

Turn on scan after security intelligence update

Threats

Specify threat alert levels at which default action should not be taken when detected

Specify threats upon which default action should not be taken when detected

Allow antimalware service to remain running always

Allow antimalware service to startup with normal priority

Configure detection for potentially unwanted applications

Configure local administrator merge behavior for lists

Define addresses to bypass proxy server

Define proxy auto-config (.pac) for connecting to the network

Define proxy server for connecting to the network

Randomize scheduled task times

Turn off Microsoft Defender Antivirus

Turn off routine remediation

Microsoft Defender Application Guard

Allow auditing events in Microsoft Defender Application Guard

Allow camera and microphone access in Microsoft Defender Application Guard

Allow data persistence for Microsoft Defender Application Guard

Allow files to download and save to the host operating system from Microsoft Defender Application Guard

Allow hardware-accelerated rendering for Microsoft Defender Application Guard

Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device

Allow users to trust files that open in Windows Defender Application Guard

Configure additional sources for untrusted files in Windows Defender Application Guard.

Configure Microsoft Defender Application Guard clipboard settings

Configure Microsoft Defender Application Guard print settings

Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer

Turn on Microsoft Defender Application Guard in Managed Mode

Microsoft Defender Exploit Guard

Exploit Protection

Use a common set of exploit protection settings

Allow a shared Books folder

Allow clearing browsing data on exit

Allow configuration updates for the Books Library

Allow Developer Tools

Allow extended telemetry for the Books tab

Allow Extensions

Allow FullScreen Mode

Allow InPrivate browsing

Allow Microsoft Compatibility List

Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed

Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed

Allow printing

Allow Saving History

Allow search engine customization

Allow Sideloading of extension

Allow web content on New Tab page

Always show the Books Library in Microsoft Edge

Configure additional search engines

Configure Autofill

Configure cookies

Configure Do Not Track

Configure Favorites Bar

Configure Favorites

Configure Home Button

Configure kiosk mode

Configure kiosk reset after idle timeout

Configure Open Microsoft Edge With

Configure Password Manager

Configure Pop-up Blocker

Configure search suggestions in Address bar

Configure Start pages

Configure the Adobe Flash Click-to-Run setting

Configure the Enterprise Mode Site List

Configure Windows Defender SmartScreen

Disable lockdown of Start pages

For PDF files that have both landscape and portrait pages, print each in its own orientation.

Keep favorites in sync between Internet Explorer and Microsoft Edge

Prevent access to the about:flags page in Microsoft Edge

Prevent bypassing Windows Defender SmartScreen prompts for files

Prevent bypassing Windows Defender SmartScreen prompts for sites

Prevent certificate error overrides

Prevent changes to Favorites on Microsoft Edge

Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start

Prevent the First Run webpage from opening on Microsoft Edge

Prevent turning off required extensions

Prevent using Localhost IP address for WebRTC

Provision Favorites

Send all intranet sites to Internet Explorer 11

Set default search engine

Set Home Button URL

Set New Tab page URL

Show message when opening sites in Internet Explorer

Suppress the display of Edge Deprecation Notification

Unlock Home Button

Microsoft FIDO Authentication

Enable usage of FIDO devices to sign on

Microsoft Secondary Authentication Factor

Allow companion device for secondary authentication

Microsoft User Experience Virtualization

Applications

Access 2013 backup only

Access 2016 backup only

Calculator

Common 2013 backup only

Common 2016 backup only

Excel 2013 backup only

Excel 2016 backup only

InfoPath 2013 backup only

Internet Explorer 8

Internet Explorer 9

Internet Explorer 10

Internet Explorer 11

Internet Explorer Common Settings

Lync 2013 backup only

Lync 2016 backup only

Microsoft Access 2010

Microsoft Access 2013

Microsoft Access 2016

Microsoft Excel 2010

Microsoft Excel 2013

Microsoft Excel 2016

Microsoft InfoPath 2010

Microsoft InfoPath 2013

Microsoft Lync 2010

Microsoft Lync 2013

Microsoft Lync 2016

Microsoft Office 365 Access 2013

Microsoft Office 365 Access 2016

Microsoft Office 365 Common 2013

Microsoft Office 365 Common 2016

Microsoft Office 365 Excel 2013

Microsoft Office 365 Excel 2016

Microsoft Office 365 InfoPath 2013

Microsoft Office 365 Lync 2013

Microsoft Office 365 Lync 2016

Microsoft Office 365 OneNote 2013

Microsoft Office 365 OneNote 2016

Microsoft Office 365 Outlook 2013

Microsoft Office 365 Outlook 2016

Microsoft Office 365 PowerPoint 2013

Microsoft Office 365 PowerPoint 2016

Microsoft Office 365 Project 2013

Microsoft Office 365 Project 2016

Microsoft Office 365 Publisher 2013

Microsoft Office 365 Publisher 2016

Microsoft Office 365 SharePoint Designer 2013

Microsoft Office 365 Visio 2013

Microsoft Office 365 Visio 2016

Microsoft Office 365 Word 2013

Microsoft Office 365 Word 2016

Microsoft Office 2010 Common Settings

Microsoft Office 2013 Common Settings

Microsoft Office 2013 Upload Center

Microsoft Office 2016 Common Settings

Microsoft Office 2016 Upload Center

Microsoft OneDrive for Business 2013

Microsoft OneDrive for Business 2016

Microsoft OneNote 2010

Microsoft OneNote 2013

Microsoft OneNote 2016

Microsoft Outlook 2010

Microsoft Outlook 2013

Microsoft Outlook 2016

Microsoft PowerPoint 2010

Microsoft PowerPoint 2013

Microsoft PowerPoint 2016

Microsoft Project 2010

Microsoft Project 2013

Microsoft Project 2016

Microsoft Publisher 2010

Microsoft Publisher 2013

Microsoft Publisher 2016

Microsoft SharePoint Designer 2010

Microsoft SharePoint Designer 2013

Microsoft SharePoint Workspace 2010

Microsoft Visio 2010

Microsoft Visio 2013

Microsoft Visio 2016

Microsoft Word 2010

Microsoft Word 2013

Microsoft Word 2016

Notepad

OneNote 2013 backup only

OneNote 2016 backup only

Outlook 2013 backup only

Outlook 2016 backup only

PowerPoint 2013 backup only

PowerPoint 2016 backup only

Project 2013 backup only

Project 2016 backup only

Publisher 2013 backup only

Publisher 2016 backup only

SharePoint Designer 2013 backup only

Visio 2013 backup only

Visio 2016 backup only

Word 2013 backup only

Word 2016 backup only

WordPad

Windows Apps

Finance

Games

Music

Reader

Sports

Travel

Video

Weather

Configure Sync Method

Contact IT Link Text

Contact IT URL

Do not synchronize Windows Apps

Enable UEV

First Use Notification

Ping the settings storage location before sync

Settings package size warning threshold

Settings storage path

Settings template catalog path

Synchronization timeout

Synchronize Windows settings

Sync settings over metered connections even when roaming

Sync settings over metered connections

Sync Unlisted Windows Apps

Tray Icon

Use User Experience Virtualization (UE-V)

VDI Configuration

NetMeeting

Disable remote Desktop Sharing

News and interests

Enable news and interests on the taskbar

OneDrive

Prevent OneDrive files from syncing over metered connections

Prevent OneDrive from generating network traffic until the user signs in to OneDrive

Prevent the usage of OneDrive for file storage

Prevent the usage of OneDrive for file storage on Windows 8.1

Save documents to OneDrive by default

Online Assistance

Turn off Active Help

Don't launch privacy settings experience on user logon

Parental Controls

Make Parental Controls control panel visible on a Domain

Portable Operating System

Allow hibernate (S4) when starting from a Windows To Go workspace

Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace

Windows To Go Default Startup Options

Presentation Settings

Turn off Windows presentation settings

Push To Install

Turn off Push To Install service

Remote Desktop Services

RD Licensing

License server security group

Prevent license upgrade

Remote Desktop Connection Client

RemoteFX USB Device Redirection

Allow RDP redirection of other supported RemoteFX USB devices from this computer

Allow .rdp files from unknown publishers

Allow .rdp files from valid publishers and user's default .rdp settings

Configure server authentication for client

Do not allow hardware accelerated decoding

Do not allow passwords to be saved

Prompt for credentials on the client computer

Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Turn Off UDP On Client

Remote Desktop Session Host

Application Compatibility

Do not use Remote Desktop Session Host server IP address when virtual IP address is not available

Select the network adapter to be used for Remote Desktop IP Virtualization

Turn off Windows Installer RDS Compatibility

Turn on Remote Desktop IP Virtualization

Connections

Allow remote start of unlisted programs

Allow users to connect remotely by using Remote Desktop Services

Automatic reconnection

Configure keep-alive connection interval

Deny logoff of an administrator logged in to the console session

Limit number of connections

Restrict Remote Desktop Services users to a single Remote Desktop Services session

Select network detection on the server

Select RDP transport protocols

Set rules for remote control of Remote Desktop Services user sessions

Suspend user sign-in to complete app registration

Turn off Fair Share CPU Scheduling

Device and Resource Redirection

Allow audio and video playback redirection

Allow audio recording redirection

Allow time zone redirection

Do not allow Clipboard redirection

Do not allow COM port redirection

Do not allow drive redirection

Do not allow LPT port redirection

Do not allow smart card device redirection

Do not allow supported Plug and Play device redirection

Do not allow video capture redirection

Limit audio playback quality

Licensing

Set the Remote Desktop licensing mode

Use the specified Remote Desktop license servers

Printer Redirection

Do not allow client printer redirection

Do not set default client printer to be default printer in a session

Redirect only the default client printer

Specify RD Session Host server fallback printer driver behavior

Use Remote Desktop Easy Print printer driver first

Profiles

Limit the size of the entire roaming user profile cache

Set path for Remote Desktop Services Roaming User Profile

Set Remote Desktop Services User Home Directory

Use mandatory profiles on the RD Session Host server

RD Connection Broker

Configure RD Connection Broker farm name

Configure RD Connection Broker server name

Join RD Connection Broker

Use IP Address Redirection

Use RD Connection Broker load balancing

Remote Session Environment

RemoteFX for Windows Server 2008 R2

Configure RemoteFX

Optimize visual experience for Remote Desktop Service Sessions

Optimize visual experience when using RemoteFX

Allow desktop composition for remote desktop sessions

Always show desktop on connection

Configure compression for RemoteFX data

Configure H.264/AVC hardware encoding for Remote Desktop Connections

Configure image quality for RemoteFX Adaptive Graphics

Configure RemoteFX Adaptive Graphics

Do not allow font smoothing

Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1

Enforce Removal of Remote Desktop Wallpaper

Limit maximum color depth

Limit maximum display resolution

Limit number of monitors

Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections

Remove "Disconnect" option from Shut Down dialog

Remove Windows Security item from Start menu

Start a program on connection

Use advanced RemoteFX graphics for RemoteApp

Use hardware graphics adapters for all Remote Desktop Services sessions

Use the hardware default graphics adapter for all Remote Desktop Services sessions

Use WDDM graphics display driver for Remote Desktop Connections

Security

Always prompt for password upon connection

Do not allow local administrators to customize permissions

Require secure RPC communication

Require use of specific security layer for remote (RDP) connections

Require user authentication for remote connections by using Network Level Authentication

Server authentication certificate template

Set client connection encryption level

Session Time Limits

End session when time limits are reached

Set time limit for active but idle Remote Desktop Services sessions

Set time limit for active Remote Desktop Services sessions

Set time limit for disconnected sessions

Set time limit for logoff of RemoteApp sessions

Temporary folders

Do not delete temp folders upon exit

Do not use temporary folders per session

Prevent access to feed list

Prevent automatic discovery of feeds and Web Slices

Prevent downloading of enclosures

Prevent subscribing to or deleting a feed or a Web Slice

Turn off background synchronization for feeds and Web Slices

Turn on Basic feed authentication over HTTP

Force TIFF IFilter to perform OCR for every page in a TIFF document

Select OCR language from a code page

Select OCR language

Add primary intranet search location

Add secondary intranet search locations

Allow Cloud Search

Allow Cortana above lock screen

Allow Cortana

Allow Cortana Page in OOBE on an AAD account

Allow indexing of encrypted files

Allow search and Cortana to use location

Allow search highlights

Allow use of diacritics

Always use automatic language detection when indexing content and properties

Control rich previews for attachments

Default excluded paths

Default indexed paths

Disable indexer backoff

Don't search the web or display web results in Search

Don't search the web or display web results in Search over metered connections

Do not allow locations on removable drives to be added to libraries

Do not allow web search

Enable indexing of online delegate mailboxes

Enable indexing uncached Exchange folders

Enable throttling for online mail indexing

Indexer data location

Prevent adding UNC locations to index from Control Panel

Prevent adding user-specified locations to the All Locations menu

Prevent automatically adding shared folders to the Windows Search index

Prevent clients from querying the index remotely

Prevent customization of indexed locations in Control Panel

Prevent indexing certain paths

Prevent indexing e-mail attachments

Prevent indexing files in offline files cache

Prevent indexing Microsoft Office Outlook

Prevent indexing of certain file types

Prevent indexing public folders

Prevent indexing when running on battery power to conserve energy

Prevent the display of advanced indexing options for Windows Search in the Control Panel

Prevent unwanted iFilters and protocol handlers

Preview pane location

Set large or small icon view in desktop search results

Set the SafeSearch setting for Search

Set what information is shared in Search

Stop indexing in the event of limited hard drive space

Security Center

Turn on Security Center (Domain PCs only)

Shutdown Options

Timeout for hung logon sessions during shutdown

Turn off legacy remote shutdown interface

Smart Card

Allow certificates with no extended key usage certificate attribute

Allow ECC certificates to be used for logon and authentication

Allow Integrated Unblock screen to be displayed at the time of logon

Allow signature keys valid for Logon

Allow time invalid certificates

Allow user name hint

Configure root certificate clean up

Display string when smart card is blocked

Filter duplicate logon certificates

Force the reading of all certificates from the smart card

Notify user of successful smart card driver installation

Prevent plaintext PINs from being returned by Credential Manager

Reverse the subject name stored in a certificate when displaying

Turn on certificate propagation from smart card

Turn on root certificate propagation from smart card

Turn on Smart Card Plug and Play service

Software Protection Platform

Control Device Reactivation for Retail devices

Turn off KMS Client Online AVS Validation

Sound Recorder

Do not allow Sound Recorder to run

Speech

Allow Automatic Update of Speech Data

Store

Disable all apps from Microsoft Store

Only display the private store within the Microsoft Store

Turn off Automatic Download and Install of updates

Turn off Automatic Download of updates on Win8 machines

Turn off the offer to update to the latest version of Windows

Turn off the Store application

Sync your settings

Do not sync app settings

Do not sync Apps

Do not sync browser settings

Do not sync desktop personalization

Do not sync

Do not sync on metered connections

Do not sync other Windows settings

Do not sync passwords

Do not sync personalize

Do not sync start settings

Tablet PC

Accessories

Do not allow Inkball to run

Do not allow printing to Journal Note Writer

Do not allow Snipping Tool to run

Do not allow Windows Journal to be run

Cursors

Turn off pen feedback

Hardware Buttons

Prevent Back-ESC mapping

Prevent launch an application

Prevent press and hold

Turn off hardware buttons

Input Panel

Disable text prediction

For tablet pen input, don't show the Input Panel icon

For touch input, don't show the Input Panel icon

Include rarely used Chinese, Kanji, or Hanja characters

Prevent Input Panel tab from appearing

Turn off AutoComplete integration with Input Panel

Turn off password security in Input Panel

Turn off tolerant and Z-shaped scratch-out gestures

Pen Flicks Learning

Prevent Flicks Learning Mode

Pen UX Behaviors

Prevent flicks

Tablet PC Pen Training

Turn off Tablet PC Pen Training

Touch Input

Turn off Tablet PC touch input

Turn off Touch Panning

Hide Advanced Properties Checkbox in Add Scheduled Task Wizard

Hide Property Pages

Prevent Task Run or End

Prohibit Browse

Prohibit Drag-and-Drop

Prohibit New Task Creation

Prohibit Task Deletion

Tenant Restrictions

Cloud Policy Details

Text Input

Allow uninstallation of language features when a language is uninstalled

Improve inking and typing recognition

Windows Calendar

Turn off Windows Calendar

Windows Color System

Prohibit installing or uninstalling color profiles

Windows Customer Experience Improvement Program

Allow Corporate redirection of Customer Experience Improvement uploads

Tag Windows Customer Experience Improvement data with Study Identifier

Windows Defender SmartScreen

Explorer

Configure App Install Control

Microsoft Edge

Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X

Prevent bypassing Windows Defender SmartScreen prompts for files

Prevent bypassing Windows Defender SmartScreen prompts for sites

Configure Corporate Windows Error Reporting

Configure Report Archive

Configure Report Queue

Default application reporting settings

List of applications to always report errors for

List of applications to be excluded

List of applications to never report errors for

Report operating system errors

Report unplanned shutdown events

Consent

Configure Default consent

Customize consent settings

Ignore custom consent settings

Automatically send memory dumps for OS-generated error reports

Configure Error Reporting

Disable logging

Disable Windows Error Reporting

Display Error Notification

Do not send additional data

Do not throttle additional data

Prevent display of the user interface for critical errors

Send additional data when on battery power

Send data when on connected to a restricted/costed network

Windows Game Recording and Broadcasting

Enables or disables Windows Game Recording and Broadcasting

Windows Hello for Business

Phone Sign-in

Use phone sign-in

PIN Complexity

Expiration

History

Maximum PIN length

Minimum PIN length

Require digits

Require lowercase letters

Require special characters

Require uppercase letters

Allow enumeration of emulated smart card for all users

Configure device unlock factors

Configure dynamic lock factors

Turn off smart card emulation

Use a hardware security device

Use biometrics

Use certificate for on-premises authentication

Use cloud trust for on-premises authentication

Use PIN Recovery

Use Windows Hello for Business certificates as smart card certificates

Use Windows Hello for Business

Windows Ink Workspace

Allow Windows Ink Workspace

Windows Installer

Allow user control over installs

Allow users to browse for source while elevated

Allow users to patch elevated products

Allow users to use media source while elevated

Always install with elevated privileges

Control maximum size of baseline file cache

Enforce upgrade component rules

Prevent embedded UI

Prevent Internet Explorer security prompt for Windows Installer scripts

Prevent users from using Windows Installer to install updates and upgrades

Prohibit flyweight patching

Prohibit non-administrators from applying vendor signed updates

Prohibit removal of updates

Prohibit rollback

Prohibit use of Restart Manager

Prohibit User Installs

Remove browse dialog box for new source

Save copies of transform files in a secure location on workstation

Specify the types of events Windows Installer records in its transaction log

Turn off creation of System Restore checkpoints

Turn off logging via package settings

Turn off shared components

Turn off Windows Installer

Windows Logon Options

Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot

Disable or enable software Secure Attention Sequence

Display information about previous logons during user logon

Report when logon server was not available during user logon

Sign-in and lock last interactive user automatically after a restart

Windows Mail

Turn off the communities features

Turn off Windows Mail application

Windows Media Center

Do not allow Windows Media Center to run

Windows Media Digital Rights Management

Prevent Windows Media DRM Internet Access

Windows Media Player

Do Not Show First Use Dialog Boxes

Prevent Automatic Updates

Prevent Desktop Shortcut Creation

Prevent Media Sharing

Prevent Quick Launch Toolbar Shortcut Creation

Prevent Video Smoothing

Windows Messenger

Do not allow Windows Messenger to be run

Do not automatically start Windows Messenger initially

Windows Mobility Center

Turn off Windows Mobility Center

Windows PowerShell

Set the default source path for Update-Help

Turn on Module Logging

Turn on PowerShell Script Block Logging

Turn on PowerShell Transcription

Turn on Script Execution

Windows Reliability Analysis

Configure Reliability WMI Providers

Windows Remote Management (WinRM)

WinRM Client

Allow Basic authentication

Allow CredSSP authentication

Allow unencrypted traffic

Disallow Digest authentication

Disallow Kerberos authentication

Disallow Negotiate authentication

Trusted Hosts

WinRM Service

Allow Basic authentication

Allow CredSSP authentication

Allow remote server management through WinRM

Allow unencrypted traffic

Disallow Kerberos authentication

Disallow Negotiate authentication

Disallow WinRM from storing RunAs credentials

Specify channel binding token hardening level

Turn On Compatibility HTTP Listener

Turn On Compatibility HTTPS Listener

Specify idle Timeout

Specify maximum amount of memory in MB per Shell

Specify maximum number of processes per Shell

Specify maximum number of remote shells per user

Specify Shell Timeout

Windows Security

Account protection

Hide the Account protection area

App and browser protection

Hide the App and browser protection area

Prevent users from modifying settings

Device performance and health

Hide the Device performance and health area

Device security

Disable the Clear TPM button

Hide the Device security area

Hide the Secure boot area

Hide the Security processor (TPM) troubleshooter page

Hide the TPM Firmware Update recommendation.

Enterprise Customization

Configure customized contact information

Configure customized notifications

Specify contact company name

Specify contact email address or Email ID

Specify contact phone number or Skype ID

Specify contact website

Family options

Hide the Family options area

Firewall and network protection

Hide the Firewall and network protection area

Notifications

Hide all notifications

Hide non-critical notifications

Systray

Hide Windows Security Systray

Virus and threat protection

Hide the Ransomware data recovery area

Hide the Virus and threat protection area

Disable safeguards for Feature Updates

Manage preview builds

Select the target Feature Update version

Select when Preview Builds and Feature Updates are received

Select when Quality Updates are received

Allow Automatic Updates immediate installation

Allow non-administrators to receive update notifications

Allow signed updates from an intranet Microsoft update service location

Allow updates to be downloaded automatically over metered connections

Always automatically restart at the scheduled time

Automatic Updates detection frequency

Configure auto-restart reminder notifications for updates

Configure auto-restart required notification for updates

Configure auto-restart warning notifications schedule for updates

Configure Automatic Updates

Defer Upgrades and Updates

Delay Restart for scheduled installations

Display options for update notifications

Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box

Do not allow update deferral policies to cause scans against Windows Update

Do not connect to any Windows Update Internet locations

Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box

Do not include drivers with Windows Updates

Enable client-side targeting

Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates

No auto-restart with logged on users for scheduled automatic updates installations

Re-prompt for restart with scheduled installations

Remove access to "Pause updates" feature

Remove access to use all Windows Update features

Reschedule Automatic Updates scheduled installations

Specify active hours range for auto-restarts

Specify deadline before auto-restart for update installation

Specify deadlines for automatic updates and restarts

Specify Engaged restart transition and notification schedule for updates

Specify intranet Microsoft update service location

Specify source service for specific classes of Windows Updates

Turn off auto-restart for updates during active hours

Turn off auto-restart notifications for update installations

Turn on Software Notifications

Update Power Policy for Cart Restarts

Work Folders

Force automatic setup for all users

Go directly to Components Wizard

Hide Add/Remove Windows Components page

Hide Add New Programs page

Hide Change or Remove Programs page

Hide the "Add a program from CD-ROM or floppy disk" option

Hide the "Add programs from Microsoft" option

Hide the "Add programs from your network" option

Hide the Set Program Access and Defaults page

Remove Add or Remove Programs

Remove Support Information

Specify default category for Add New Programs

Display

Disable the Display Control Panel

Hide Settings tab

Personalization

Enable screen saver

Force a specific visual style file or force Windows Classic

Force specific screen saver

Load a specific theme

Password protect the screen saver

Prevent changing color and appearance

Prevent changing color scheme

Prevent changing desktop background

Prevent changing desktop icons

Prevent changing mouse pointers

Prevent changing screen saver

Prevent changing sounds

Prevent changing theme

Prevent changing visual style for windows and buttons

Prohibit selection of visual style font size

Screen saver timeout

Printers

Browse a common web site to find printers

Browse the network to find printers

Default Active Directory path when searching for printers

Enable Device Control Printing Restrictions

List of Approved USB-connected print devices

Only use Package Point and print

Package Point and print - Approved servers

Point and Print Restrictions

Prevent addition of printers

Prevent deletion of printers

Turn off Windows default printer management

Programs

Hide "Get Programs" page

Hide "Installed Updates" page

Hide "Programs and Features" page

Hide "Set Program Access and Computer Defaults" page

Hide "Windows Features"

Hide "Windows Marketplace"

Hide the Programs Control Panel

Regional and Language Options

Handwriting personalization

Turn off automatic learning

Hide Regional and Language Options administrative options

Hide the geographic location option

Hide the select language group options

Hide user locale selection and customization options

Restrict selection of Windows menus and dialogs language

Restricts the UI languages Windows should use for the selected user

Turn off autocorrect misspelled words

Turn off highlight misspelled words

Turn off insert a space after selecting a text prediction

Turn off offer text predictions as I type

Always open All Control Panel Items when opening Control Panel

Hide specified Control Panel items

Prohibit access to Control Panel and PC settings

Settings Page Visibility

Show only specified Control Panel items

Desktop

Active Directory

Enable filter in Find dialog box

Hide Active Directory folder

Maximum size of Active Directory searches

Desktop

Add/Delete items

Allow only bitmapped wallpaper

Desktop Wallpaper

Disable Active Desktop

Disable all items

Enable Active Desktop

Prohibit adding items

Prohibit changes

Prohibit closing items

Prohibit deleting items

Prohibit editing items

Don't save settings at exit

Do not add shares of recently opened documents to Network Locations

Hide and disable all items on the desktop

Hide Internet Explorer icon on desktop

Hide Network Locations icon on desktop

Prevent adding, dragging, dropping and closing the Taskbar's toolbars

Prohibit adjusting desktop toolbars

Prohibit User from manually redirecting Profile Folders

Remove Computer icon on the desktop

Remove My Documents icon on the desktop

Remove Properties from the Computer icon context menu

Remove Properties from the Documents icon context menu

Remove Properties from the Recycle Bin context menu

Remove Recycle Bin icon from desktop

Remove the Desktop Cleanup Wizard

Turn off Aero Shake window minimizing mouse gesture

Network

Network Connections

Ability to change properties of an all user remote access connection

Ability to delete all user remote access connections

Ability to Enable/Disable a LAN connection

Ability to rename all user remote access connections

Ability to rename LAN connections

Ability to rename LAN connections or remote access connections available to all users

Enable Windows 2000 Network Connections settings for Administrators

Prohibit access to properties of a LAN connection

Prohibit access to properties of components of a LAN connection

Prohibit access to properties of components of a remote access connection

Prohibit access to the Advanced Settings item on the Advanced menu

Prohibit access to the New Connection Wizard

Prohibit access to the Remote Access Preferences item on the Advanced menu

Prohibit adding and removing components for a LAN or remote access connection

Prohibit changing properties of a private remote access connection

Prohibit connecting and disconnecting a remote access connection

Prohibit deletion of remote access connections

Prohibit Enabling/Disabling components of a LAN connection

Prohibit renaming private remote access connections

Prohibit TCP/IP advanced configuration

Prohibit viewing of status for an active connection

Turn off notifications when a connection has only limited or no connectivity

Offline Files

Action on server disconnect

Event logging level

Initial reminder balloon lifetime

Non-default server disconnect actions

Prevent use of Offline Files folder

Prohibit user configuration of Offline Files

Reminder balloon frequency

Reminder balloon lifetime

Remove "Make Available Offline" command

Remove "Make Available Offline" for these files and folders

Remove "Work offline" command

Specify administratively assigned Offline Files

Synchronize all offline files before logging off

Synchronize all offline files when logging on

Synchronize offline files before suspend

Turn off reminder balloons

Windows Connect Now

Prohibit access of the Windows Connect Now wizards

Set the time Quiet Hours begins each day

Set the time Quiet Hours ends each day

Turn off calls during Quiet Hours

Turn off notification mirroring

Turn off notifications network usage

Turn off Quiet Hours

Turn off tile notifications

Turn off toast notifications

Turn off toast notifications on the lock screen

Turn on multiple expanded toast notifications in action center

Add "Run in Separate Memory Space" check box to Run dialog box

Add Logoff to the Start Menu

Add Search Internet link to Start Menu

Add the Run command to the Start Menu

Change Start Menu power button

Clear history of recently opened documents on exit

Clear the recent programs list for new users

Clear tile notifications during log on

Disable context menus in the Start Menu

Disable showing balloon notifications as toasts.

Do not allow pinning items in Jump Lists

Do not allow pinning programs to the Taskbar

Do not allow pinning Store app to the Taskbar

Do not allow taskbars on more than one display

Do not display any custom toolbars in the taskbar

Do not display or track items in Jump Lists from remote locations

Do not keep history of recently opened documents

Do not search communications

Do not search for files

Do not search Internet

Do not search programs and Control Panel items

Do not use the search-based method when resolving shell shortcuts

Do not use the tracking-based method when resolving shell shortcuts

Force classic Start Menu

Force Start to be either full screen size or menu size

Go to the desktop instead of Start when signing in

Gray unavailable Windows Installer programs Start Menu shortcuts

Hide the notification area

List desktop apps first in the Apps view

Lock all taskbar settings

Lock the Taskbar

Pin Apps to Start when installed

Prevent changes to Taskbar and Start Menu Settings

Prevent grouping of taskbar items

Prevent users from adding or removing toolbars

Prevent users from customizing their Start Screen

Prevent users from moving taskbar to another screen dock location

Prevent users from rearranging toolbars

Prevent users from resizing the taskbar

Prevent users from uninstalling applications from Start

Remove access to the context menus for the taskbar

Remove All Programs list from the Start menu

Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands

Remove Balloon Tips on Start Menu items

Remove Clock from the system notification area

Remove common program groups from Start Menu

Remove Default Programs link from the Start menu.

Remove Documents icon from Start Menu

Remove Downloads link from Start Menu

Remove Favorites menu from Start Menu

Remove frequent programs list from the Start Menu

Remove Games link from Start Menu

Remove Help menu from Start Menu

Remove Homegroup link from Start Menu

Remove links and access to Windows Update

Remove Logoff on the Start Menu

Remove Music icon from Start Menu

Remove Network Connections from Start Menu

Remove Network icon from Start Menu

Remove Notifications and Action Center

Remove Pictures icon from Start Menu

Remove pinned programs from the Taskbar

Remove pinned programs list from the Start Menu

Remove programs on Settings menu

Remove Recent Items menu from Start Menu

Remove Recorded TV link from Start Menu

Remove Run menu from Start Menu

Remove Search Computer link

Remove Search link from Start Menu

Remove See More Results / Search Everywhere link

Remove the "Undock PC" button from the Start Menu

Remove the battery meter

Remove the Meet Now icon

Remove the networking icon

Remove the People Bar from the taskbar

Remove the Security and Maintenance icon

Remove the volume control icon

Remove user's folders from the Start Menu

Remove user folder link from Start Menu

Remove user name from Start Menu

Remove Videos link from Start Menu

Search just apps from the Apps view

Show "Run as different user" command on Start

Show additional calendar

Show or hide "Most used" list from Start menu

Show QuickLaunch on Taskbar

Show Start on the display the user is using when they press the Windows logo key

Show the Apps view automatically when the user goes to Start

Show Windows Store apps on the taskbar

Start Layout

Turn off all balloon notifications

Turn off automatic promotion of notification icons to the taskbar

Turn off feature advertisement balloon notifications

Turn off notification area cleanup

Turn off personalized menus

Turn off taskbar thumbnails

Turn off user tracking

System

Ctrl+Alt+Del Options

Remove Change Password

Remove Lock Computer

Remove Logoff

Remove Task Manager

Display

Configure Per-Process System DPI settings

Driver Installation

Code signing for driver packages

Configure driver search locations

Turn off Windows Update device driver search prompt

Folder Redirection

Do not automatically make all redirected folders available offline

Do not automatically make specific redirected folders available offline

Enable optimized move of contents in Offline Files cache on Folder Redirection server path change

Redirect folders on primary computers only

Use localized subfolder names when redirecting Start Menu and My Documents

Group Policy

Configure Group Policy domain controller selection

Configure Group Policy slow link detection

Create new Group Policy Object links disabled by default

Determine if interactive users can generate Resultant Set of Policy data

Enforce Show Policies Only

Set default name for new Group Policy objects

Set Group Policy refresh interval for users

Turn off automatic update of ADM files

Internet Communication Management

Internet Communication settings

Turn off access to the Store

Turn off downloading of print drivers over HTTP

Turn off handwriting personalization data sharing

Turn off handwriting recognition error reporting

Turn off Help Experience Improvement Program

Turn off Help Ratings

Turn off Internet download for Web publishing and online ordering wizards

Turn off Internet File Association service

Turn off printing over HTTP

Turn off the "Order Prints" picture task

Turn off the "Publish to Web" task for files and folders

Turn off the Windows Messenger Customer Experience Improvement Program

Turn off Windows Online

Restrict Internet communication

Locale Services

Disallow changing of geographic location

Disallow selection of Custom Locales

Disallow user override of locale settings

Restrict user locales

Logon

Do not process the legacy run list

Do not process the run once list

Run these programs at user logon

Mitigation Options

Process Mitigation Options

Power Management

Prompt for password on resume from hibernate/suspend

Removable Storage Access

All Removable Storage classes: Deny all access

CD and DVD: Deny read access

CD and DVD: Deny write access

Custom Classes: Deny read access

Custom Classes: Deny write access

Floppy Drives: Deny read access

Floppy Drives: Deny write access

Removable Disks: Deny read access

Removable Disks: Deny write access

Tape Drives: Deny read access

Tape Drives: Deny write access

Time (in seconds) to force reboot

WPD Devices: Deny read access

WPD Devices: Deny write access

Scripts

Run legacy logon scripts hidden

Run logoff scripts visible

Run logon scripts synchronously

Run logon scripts visible

Run Windows PowerShell scripts first at user logon, logoff

User Profiles

Connect home directory to root of the share

Exclude directories in roaming profile

Limit profile size

Specify network directories to sync at logon/logoff time only

Century interpretation for Year 2000

Custom User Interface

Don't run specified Windows applications

Do not display the Getting Started welcome screen at logon

Download missing COM components

Prevent access to registry editing tools

Prevent access to the command prompt

Restrict these programs from being launched from Help

Run only specified Windows applications

Windows Automatic Updates

Windows Components

Add features to Windows 8.1

Prevent the wizard from running.

Application Compatibility

Turn off Program Compatibility Assistant

App runtime

Block launching desktop apps associated with a file.

Block launching desktop apps associated with a URI scheme

Attachment Manager

Default risk level for file attachments

Do not preserve zone information in file attachments

Hide mechanisms to remove zone information

Inclusion list for high risk file types

Inclusion list for low file types

Inclusion list for moderate risk file types

Notify antivirus programs when opening attachments

Trust logic for file attachments

AutoPlay Policies

Default behavior for AutoRun

Don't set the always do this checkbox

Turn off Autoplay for non-volume devices

Turn off Autoplay

Backup

Client

Prevent backing up to local disks

Prevent backing up to network location

Prevent backing up to optical media (CD/DVD)

Prevent the user from running the Backup Status and Configuration program

Turn off restore functionality

Turn off the ability to back up data files

Turn off the ability to create a system image

Configure Windows spotlight on lock screen

Do not suggest third-party content in Windows spotlight

Do not use diagnostic data for tailored experiences

Turn off all Windows spotlight features

Turn off the Windows Welcome Experience

Turn off Windows Spotlight on Action Center

Turn off Windows Spotlight on Settings

Credential User Interface

Do not display the password reveal button

Data Collection and Preview Builds

Allow Telemetry

Configure collection of browsing data for Desktop Analytics

Restrict unpacking and installation of gadgets that are not digitally signed.

Turn off desktop gadgets

Turn Off user-installed desktop gadgets

Desktop Window Manager

Window Frame Coloring

Do not allow color changes

Specify a default color

Do not allow Flip3D invocation

Do not allow window animations

Digital Locker

Do not allow Digital Locker to run

Edge UI

Allow edge swipe

Disable help tips

Do not show recent apps when the mouse is pointing to the upper-left corner of the screen

Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen

Turn off switching between recent apps

Turn off tracking of app usage

File Explorer

Common Open File Dialog

Hide the common dialog back button

Hide the common dialog places bar

Hide the dropdown list of recent files

Items displayed in Places Bar

Explorer Frame Pane

Turn off Preview Pane

Turn on or off details pane

Previous Versions

Hide previous versions list for local files

Hide previous versions list for remote files

Hide previous versions of files on backup location

Prevent restoring local previous versions

Prevent restoring previous versions from backups

Prevent restoring remote previous versions

Allow only per user or approved shell extensions

Disable binding directly to IPropertySetStorage without intermediate layers.

Disable Known Folders

Display confirmation dialog when deleting files

Display the menu bar in File Explorer

Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon

Do not display the Welcome Center at user logon

Do not move deleted files to the Recycle Bin

Do not request alternate credentials

Do not track Shell shortcuts during roaming

Hides the Manage item on the File Explorer context menu

Hide these specified drives in My Computer

Location where all default Library definition files for users/machines reside.

Maximum allowed Recycle Bin size

Maximum number of recent documents

No Computers Near Me in Network Locations

No Entire Network in Network Locations

Pin Internet search sites to the "Search again" links and the Start menu

Pin Libraries or Search Connectors to the "Search again" links and the Start menu

Prevent access to drives from My Computer

Prevent users from adding files to the root of their Users Files folder.

Remove "Map Network Drive" and "Disconnect Network Drive"

Remove CD Burning features

Remove DFS tab

Remove File Explorer's default context menu

Remove File menu from File Explorer

Remove Hardware tab

Remove Search button from File Explorer

Remove Security tab

Remove Shared Documents from My Computer

Remove the Search the Internet "Search again" link

Remove UI to change keyboard navigation indicator setting

Remove UI to change menu animation setting

Request credentials for network installations

Start File Explorer with ribbon minimized

Turn off caching of thumbnail pictures

Turn off common control and window animations

Turn off display of recent search entries in the File Explorer search box

Turn off numerical sorting in File Explorer

Turn off shell protocol protected mode

Turn off the caching of thumbnails in hidden thumbs.db files

Turn off the display of snippets in Content view mode

Turn off the display of thumbnails and only display icons.

Turn off the display of thumbnails and only display icons on network folders

Turn off Windows Key hotkeys

Turn off Windows Libraries features that rely on indexed file data

Turn on Classic Shell

File Revocation

Allow Windows Runtime apps to revoke enterprise data

Configure Japanese IME version

Configure Simplified Chinese IME version

Configure Traditional Chinese IME version

Do not include Non-Publishing Standard Glyph in the candidate list

Restrict character code range of conversion

Turn off custom dictionary

Turn off history-based predictive input

Turn off Internet search integration

Turn off Open Extended Dictionary

Turn off saving auto-tuning data to file

Turn on cloud candidate for CHS

Turn on cloud candidate

Turn on lexicon update

Turn on Live Sticker

Turn on misconversion logging for misconversion report

Instant Search

Custom Instant Search Internet search provider

Internet Explorer

Accelerators

Add default Accelerators

Add non-default Accelerators

Restrict Accelerators to those deployed through Group Policy

Turn off Accelerators

Administrator Approved Controls

Audio/Video Player

Carpoint

DHTML Edit Control

Investor

Menu Controls

Microsoft Agent

Microsoft Chat

Microsoft Scriptlet Component

Microsoft Survey Control

MSNBC

NetShow File Transfer Control

Shockwave Flash

Application Compatibility

Clipboard access

Bypass prompting for Clipboard access for scripts running in any process

Bypass prompting for Clipboard access for scripts running in the Internet Explorer process

Define applications and processes that can access the Clipboard without prompting

Disable Open in New Window menu option

Disable Save this program to disk option

File menu: Disable closing the browser and Explorer windows

File menu: Disable New menu option

File menu: Disable Open menu option

File menu: Disable Save As... menu option

File menu: Disable Save As Web Page Complete

Help menu: Remove 'For Netscape Users' menu option

Help menu: Remove 'Send Feedback' menu option

Help menu: Remove 'Tip of the Day' menu option

Help menu: Remove 'Tour' menu option

Hide Favorites menu

Tools menu: Disable Internet Options... menu option

Turn off Print Menu

Turn off Shortcut Menu

Turn off the ability to launch report site problems using a menu option

View menu: Disable Full Screen menu option

View menu: Disable Source menu option

Compatibility View

Include updated website lists from Microsoft

Turn off Compatibility View button

Turn off Compatibility View

Turn on Internet Explorer 7 Standards Mode

Turn on Internet Explorer Standards Mode for local intranet

Use Policy List of Internet Explorer 7 sites

Use Policy List of Quirks Mode sites

Delete Browsing History

Allow deleting browsing history on exit

Disable "Configuring History"

Prevent access to Delete Browsing History

Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data

Prevent deleting cookies

Prevent deleting download history

Prevent deleting favorites site data

Prevent deleting form data

Prevent deleting InPrivate Filtering data

Prevent deleting passwords

Prevent deleting temporary Internet files

Prevent deleting websites that the user has visited

Prevent the deletion of temporary Internet files and cookies

Internet Control Panel

Advanced Page

Allow active content from CDs to run on user machines

Allow Install On Demand (except Internet Explorer)

Allow Install On Demand (Internet Explorer)

Allow Internet Explorer to use the HTTP2 network protocol

Allow Internet Explorer to use the SPDY/3 network protocol

Allow software to run or install even if the signature is invalid

Allow third-party browser extensions

Always send Do Not Track header

Automatically check for Internet Explorer updates

Check for server certificate revocation

Check for signatures on downloaded programs

Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled

Do not allow resetting Internet Explorer settings

Do not save encrypted pages to disk

Empty Temporary Internet Files folder when browser is closed

Play animations in web pages

Play sounds in web pages

Play videos in web pages

Turn off ClearType

Turn off encryption support

Turn off loading websites and content in the background to optimize performance

Turn off Profile Assistant

Turn off sending UTF-8 query strings for URLs

Turn off the flip ahead with page prediction feature

Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows

Turn on Caret Browsing support

Turn on Enhanced Protected Mode

Use HTTP 1.1 through proxy connections

Use HTTP 1.1

Content Page

Show Content Advisor on Internet Options

General Page

Browsing History

Allow websites to store application caches on client computers

Allow websites to store indexed databases on client computers

Set application caches expiration time limit for individual domains

Set application cache storage limits for individual domains

Set default storage limits for websites

Set indexed database storage limits for individual domains

Set maximum application cache individual resource size

Set maximum application cache resource list size

Set maximum application caches storage limit for all domains

Set maximum indexed database storage limit for all domains

Start Internet Explorer with tabs from last browsing session

Security Page

Internet Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Intranet Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Local Machine Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow OpenSearch queries in File Explorer

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Internet Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Intranet Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XAML Browser Applications

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Local Machine Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Restricted Sites Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Locked-Down Trusted Sites Zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Restricted Sites Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Submit non-encrypted form data

Turn off first-run prompt

Turn on Protected Mode

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Trusted Sites Zone

Allow active content over restricted protocols to access my computer

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Allow file downloads

Allow font downloads

Allow loading of XPS files

Allow META REFRESH

Allow only approved domains to use ActiveX controls without prompt

Allow only approved domains to use the TDC ActiveX control

Allow previewing and custom thumbnails of OpenSearch query results in File Explorer

Allow script-initiated windows without size or position constraints

Allow scripting of Internet Explorer WebBrowser controls

Allow scriptlets

Allow video and animation on a webpage that uses an older media player

Allow websites to open windows without status bar or Address bar

Allow websites to prompt for information by using scripted windows

Display mixed content

Don't run antimalware programs against ActiveX controls

Do not prompt for client certificate selection when no certificates or only one certificate exists.

Enable dragging of content from different domains across windows

Enable dragging of content from different domains within a window

Enable MIME Sniffing

Include local path when user is uploading files to a server

Initialize and script ActiveX controls not marked as safe

Java permissions

Logon options

Navigate windows and frames across different domains

Render legacy filters

Run .NET Framework-reliant components not signed with Authenticode

Run .NET Framework-reliant components signed with Authenticode

Scripting of Java applets

Turn off first-run prompt

Turn on Protected Mode

Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Internet Zone Template

Intranet Sites: Include all local (intranet) sites not listed in other zones

Intranet Sites: Include all network paths (UNCs)

Intranet Sites: Include all sites that bypass the proxy server

Intranet Zone Template

Local Machine Zone Template

Locked-Down Internet Zone Template

Locked-Down Intranet Zone Template

Locked-Down Local Machine Zone Template

Locked-Down Restricted Sites Zone Template

Locked-Down Trusted Sites Zone Template

Restricted Sites Zone Template

Site to Zone Assignment List

Trusted Sites Zone Template

Turn on automatic detection of intranet

Turn on certificate address mismatch warning

Turn on Notification bar notification for intranet content

Disable the Advanced page

Disable the Connections page

Disable the Content page

Disable the General page

Disable the Privacy page

Disable the Programs page

Disable the Security page

Prevent ignoring certificate errors

Send internationalized domain names

Use UTF-8 for mailto links

Internet Settings

Advanced settings

Browsing

Go to an intranet site for a one-word entry in the Address bar

Hide the button (next to the New Tab button) that opens Microsoft Edge

Turn off configuring underline links

Turn off details in messages about Internet connection problems

Turn off page transitions

Turn off phone number detection

Turn off smooth scrolling

Turn on script debugging

Turn on the display of script errors

Internet Connection Wizard Settings

Start the Internet Connection Wizard automatically

Multimedia

Allow Internet Explorer to play media files that use alternative codecs

Allow the display of image download placeholders

Turn off automatic image resizing

Turn off image display

Turn off smart image dithering

Printing

Turn on printing of background colors and images

Searching

Prevent configuration of search on Address bar

Prevent configuration of top-result search on Address bar

Signup Settings

Turn on automatic signup

Turn off inline AutoComplete in File Explorer

Turn off URL Suggestions

Turn off Windows Search AutoComplete

Turn on inline AutoComplete

Display settings

General Colors

Prevent specifying background color

Prevent specifying text color

Prevent the use of Windows colors

Link Colors

Prevent specifying the color of links that have already been clicked

Prevent specifying the color of links that have not yet been clicked

Prevent specifying the hover color

Turn on the hover color option

Prevent choosing default text size

URL Encoding

Turn off sending URL path as UTF-8

Open Internet Explorer tiles on the desktop

Set how links are opened in Internet Explorer

Offline Pages

Disable adding channels

Disable adding schedules for offline pages

Disable all scheduled offline pages

Disable channel user interface completely

Disable downloading of site subscription content

Disable editing and creating of schedule groups

Disable editing schedules for offline pages

Disable offline page hit logging

Disable removing channels

Disable removing schedules for offline pages

Subscription Limits

Persistence Behavior

File size limits for Internet zone

File size limits for Intranet zone

File size limits for Local Machine zone

File size limits for Restricted Sites zone

File size limits for Trusted Sites zone

Privacy

Establish InPrivate Filtering threshold

Establish Tracking Protection threshold

Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts

Turn off collection of InPrivate Filtering data

Turn off InPrivate Browsing

Turn off InPrivate Filtering

Turn off Tracking Protection

Security Features

Add-on Management

Add-on List

All Processes

Deny all add-ons unless specifically allowed in the Add-on List

Process List

Remove "Run this time" button for outdated ActiveX controls in Internet Explorer

Turn off automatic download of the ActiveX VersionList

Turn off blocking of outdated ActiveX controls for Internet Explorer

Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains

Turn on ActiveX control logging in Internet Explorer

Allow native XMLHTTP support

Change the maximum number of connections per host (HTTP 1.1)

Maximum number of connections per server (HTTP 1.0)

Set the maximum number of WebSocket connections per server

Turn off cross-document messaging

Turn off the WebSocket Object

Turn off the XDomainRequest object

Binary Behavior Security Restriction

Admin-approved behaviors

All Processes

Install binaries signed by MD2 and MD4 signing technologies

Process List

Consistent Mime Handling

All Processes

Process List

Local Machine Zone Lockdown Security

All Processes

Process List

Mime Sniffing Safety Feature

All Processes

Process List

MK Protocol Security Restriction

All Processes

Process List

Network Protocol Lockdown

Restricted Protocols Per Security Zone

Internet Zone Restricted Protocols

Intranet Zone Restricted Protocols

Local Machine Zone Restricted Protocols

Restricted Sites Zone Restricted Protocols

Trusted Sites Zone Restricted Protocols

All Processes

Process List

Notification bar

All Processes

Process List

Object Caching Protection

All Processes

Process List

Protection From Zone Elevation

All Processes

Process List

Restrict ActiveX Install

All Processes

Process List

Restrict File Download

All Processes

Process List

Scripted Window Security Restrictions

All Processes

Process List

Do not display the reveal password button

Turn off Data URI support

Configure Toolbar Buttons

Customize command labels

Disable customizing browser toolbar buttons

Disable customizing browser toolbars

Display tabs on a separate row

Hide the Command bar

Hide the status bar

Lock all toolbars

Lock location of Stop and Refresh buttons

Turn off Developer Tools

Turn off toolbar upgrade tool

Use large icons for command buttons

Add a specific list of search providers to the user's list of search providers

Allow "Save Target As" in Internet Explorer mode

Allow Internet Explorer 8 shutdown behavior

Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar

Automatically activate newly installed add-ons

Configure Media Explorer Bar

Configure Outlook Express

Configure which channel of Microsoft Edge to use for opening redirected sites

Customize user agent string

Disable AutoComplete for forms

Disable caching of Auto-Proxy scripts

Disable changing accessibility settings

Disable changing Advanced page settings

Disable changing Automatic Configuration settings

Disable changing Calendar and Contact settings

Disable changing certificate settings

Disable changing color settings

Disable changing connection settings

Disable changing default browser check

Disable changing font settings

Disable changing home page settings

Disable changing language settings

Disable changing link color settings

Disable changing Messaging settings

Disable changing Profile Assistant settings

Disable changing ratings settings

Disable changing secondary home page settings

Disable changing Temporary Internet files settings

Disable external branding of Internet Explorer

Disable Import/Export Settings wizard

Disable Internet Connection wizard

Disable Internet Explorer 11 as a standalone browser

Disable the Reset Web Settings feature

Display error message on proxy script download failure

Do not allow users to enable or disable add-ons

Enable extended hot keys in Internet Explorer mode

Enable global window list in Internet Explorer mode

Enforce full-screen mode

Hide Internet Explorer 11 retirement notification

Identity Manager: Prevent users from using Identities

Keep all intranet sites in Internet Explorer

Let users turn on and use Enterprise Mode from the Tools menu

Limit Site Discovery output by Domain

Limit Site Discovery output by Zone

Notify users if Internet Explorer is not the default web browser

Pop-up allow list

Position the menu bar above the navigation bar

Prevent "Fix settings" functionality

Prevent access to Internet Explorer Help

Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet

Prevent bypassing SmartScreen Filter warnings

Prevent changing pop-up filter level

Prevent changing proxy settings

Prevent changing the default search provider

Prevent configuration of how windows open

Prevent configuration of new tab creation

Prevent Internet Explorer Search box from appearing

Prevent managing pop-up exception list

Prevent managing SmartScreen Filter

Prevent managing the phishing filter

Prevent participation in the Customer Experience Improvement Program

Prevent per-user installation of ActiveX controls

Prevent running First Run wizard

Reset zoom to default for HTML dialogs in Internet Explorer mode

Restrict search providers to a specific list

Search: Disable Find Files via F3 within the browser

Search: Disable Search Customization

Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.

Set tab process growth

Show message when opening sites in Microsoft Edge using Enterprise Mode

Specify default behavior for a new tab

Specify use of ActiveX Installer Service for installation of ActiveX controls

Turn off ability to pin sites in Internet Explorer on the desktop

Turn off ActiveX Opt-In prompt

Turn off add-on performance notifications

Turn off Automatic Crash Recovery

Turn off browser geolocation

Turn off configuration of pop-up windows in tabbed browsing

Turn off Crash Detection

Turn off Favorites bar

Turn off Managing SmartScreen Filter for Internet Explorer 8

Turn off page-zooming functionality

Turn off pop-up management

Turn off Quick Tabs functionality

Turn off Reopen Last Browsing Session

Turn off suggestions for all user-installed providers

Turn off tabbed browsing

Turn off Tab Grouping

Turn off the auto-complete feature for web addresses

Turn off the quick pick menu

Turn off the Security Settings Check feature

Turn on ActiveX Filtering

Turn on compatibility logging

Turn on menu bar by default

Turn on Site Discovery WMI output

Turn on Site Discovery XML output

Turn on Suggested Sites

Turn on the auto-complete feature for user names and passwords on forms

Use Automatic Detection for dial-up connections

Use the Enterprise Mode IE website list

Location and Sensors

Turn off location

Turn off location scripting

Turn off sensors

Microsoft Edge

Allow Address bar drop-down list suggestions

Allow Adobe Flash

Allow a shared Books folder

Allow clearing browsing data on exit

Allow configuration updates for the Books Library

Allow Developer Tools

Allow extended telemetry for the Books tab

Allow Extensions

Allow FullScreen Mode

Allow InPrivate browsing

Allow Microsoft Compatibility List

Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed

Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed

Allow printing

Allow Saving History

Allow search engine customization

Allow Sideloading of extension

Allow web content on New Tab page

Always show the Books Library in Microsoft Edge

Configure additional search engines

Configure Autofill

Configure cookies

Configure Do Not Track

Configure Favorites Bar

Configure Favorites

Configure Home Button

Configure kiosk mode

Configure kiosk reset after idle timeout

Configure Open Microsoft Edge With

Configure Password Manager

Configure Pop-up Blocker

Configure search suggestions in Address bar

Configure Start pages

Configure the Adobe Flash Click-to-Run setting

Configure the Enterprise Mode Site List

Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed

Disable lockdown of Start pages

For PDF files that have both landscape and portrait pages, print each in its own orientation.

Keep favorites in sync between Internet Explorer and Microsoft Edge

Prevent access to the about:flags page in Microsoft Edge

Prevent bypassing Windows Defender SmartScreen prompts for files

Prevent bypassing Windows Defender SmartScreen prompts for sites

Prevent certificate error overrides

Prevent changes to Favorites on Microsoft Edge

Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start

Prevent the First Run webpage from opening on Microsoft Edge

Prevent turning off required extensions

Prevent using Localhost IP address for WebRTC

Provision Favorites

Send all intranet sites to Internet Explorer 11

Set default search engine

Set Home Button URL

Set New Tab page URL

Show message when opening sites in Internet Explorer

Suppress the display of Edge Deprecation Notification

Unlock Home Button

Microsoft Management Console

Restricted/Permitted snap-ins

Extension snap-ins

AppleTalk Routing

Authorization Manager

Certification Authority Policy Settings

Connection Sharing (NAT)

DCOM Configuration Extension

Device Manager

DFS Management Extension

DHCP Relay Management

Disk Management Extension

Event Viewer (Windows Vista)

Event Viewer

Extended View (Web View)

File Server Resource Manager Extension

IAS Logging

IGMP Routing

IP Routing

IPX RIP Routing

IPX Routing

IPX SAP Routing

Logical and Mapped Drives

OSPF Routing

Public Key Policies

RAS Dialin - User Node

Remote Access

Removable Storage

RIP Routing

Routing

Send Console Message

Service Dependencies

Share and Storage Management Extension

Shared Folders Ext

SMTP Protocol

Storage Manager for SANS Extension

System Properties

Group Policy

Group Policy snap-in extensions

Administrative Templates (Computers)

Administrative Templates (Users)

Folder Redirection

Internet Explorer Maintenance

IP Security Policy Management

NAP Client Configuration

Remote Installation Services

Scripts (Logon/Logoff)

Scripts (Startup/Shutdown)

Security Settings

Software Installation (Computers)

Software Installation (Users)

Windows Firewall with Advanced Security

Wired Network (IEEE 802.3) Policies

Wireless Network (IEEE 802.11) Policies

Preference snap-in extensions

Permit use of Application snap-ins

Permit use of Applications preference extension

Permit use of Control Panel Settings (Computers)

Permit use of Control Panel Settings (Users)

Permit use of Data Sources preference extension

Permit use of Devices preference extension

Permit use of Drive Maps preference extension

Permit use of Environment preference extension

Permit use of Files preference extension

Permit use of Folder Options preference extension

Permit use of Folders preference extension

Permit use of Ini Files preference extension

Permit use of Internet Settings preference extension

Permit use of Local Users and Groups preference extension

Permit use of Network Options preference extension

Permit use of Network Shares preference extension

Permit use of Power Options preference extension

Permit use of Preferences tab

Permit use of Printers preference extension

Permit use of Regional Options preference extension

Permit use of Registry preference extension

Permit use of Scheduled Tasks preference extension

Permit use of Services preference extension

Permit use of Shortcuts preference extension

Permit use of Start Menu preference extension

Resultant Set of Policy snap-in extensions

Administrative Templates (Computers)

Administrative Templates (Users)

Folder Redirection

Internet Explorer Maintenance

Scripts (Logon/Logoff)

Scripts (Startup/Shutdown)

Security Settings

Software Installation (Computers)

Software Installation (Users)

Group Policy Management Editor

Group Policy Management

Group Policy Object Editor

Group Policy Starter GPO Editor

Group Policy tab for Active Directory Tools

Resultant Set of Policy snap-in

.Net Framework Configuration

Active Directory Domains and Trusts

Active Directory Sites and Services

Active Directory Users and Computers

ActiveX Control

ADSI Edit

Certificates

Certificate Templates

Certification Authority

Component Services

Computer Management

Device Manager

DFS Management

Disk Defragmenter

Disk Management

Distributed File System

Enterprise PKI

Event Viewer (Windows Vista)

Event Viewer

Failover Clusters Manager

FAX Service

File Server Resource Manager

FrontPage Server Extensions

Health Registration Authority (HRA)

Indexing Service

Internet Authentication Service (IAS)

Internet Information Services

IP Security Monitor

IP Security Policy Management

Link to Web Address

Local Users and Groups

NAP Client Configuration

Network Policy Server (NPS)

Online Responder

Performance Logs and Alerts

QoS Admission Control

Remote Desktop Services Configuration

Remote Desktops

Removable Storage Management

Routing and Remote Access

Security Configuration and Analysis

Security Templates

Server Manager

Services

Share and Storage Management

Shared Folders

Storage Manager for SANs

System Information

Telephony

TPM Management

Windows Firewall with Advanced Security

Wireless Monitor

WMI Control

Restrict the user from entering author mode

Restrict users to the explicitly permitted list of snap-ins

Microsoft User Experience Virtualization

Applications

Access 2013 backup only

Access 2016 backup only

Calculator

Common 2013 backup only

Common 2016 backup only

Excel 2013 backup only

Excel 2016 backup only

InfoPath 2013 backup only

Internet Explorer 8

Internet Explorer 9

Internet Explorer 10

Internet Explorer 11

Internet Explorer Common Settings

Lync 2013 backup only

Lync 2016 backup only

Microsoft Access 2010

Microsoft Access 2013

Microsoft Access 2016

Microsoft Excel 2010

Microsoft Excel 2013

Microsoft Excel 2016

Microsoft InfoPath 2010

Microsoft InfoPath 2013

Microsoft Lync 2010

Microsoft Lync 2013

Microsoft Lync 2016

Microsoft Office 365 Access 2013

Microsoft Office 365 Access 2016

Microsoft Office 365 Common 2013

Microsoft Office 365 Common 2016

Microsoft Office 365 Excel 2013

Microsoft Office 365 Excel 2016

Microsoft Office 365 InfoPath 2013

Microsoft Office 365 Lync 2013

Microsoft Office 365 Lync 2016

Microsoft Office 365 OneNote 2013

Microsoft Office 365 OneNote 2016

Microsoft Office 365 Outlook 2013

Microsoft Office 365 Outlook 2016

Microsoft Office 365 PowerPoint 2013

Microsoft Office 365 PowerPoint 2016

Microsoft Office 365 Project 2013

Microsoft Office 365 Project 2016

Microsoft Office 365 Publisher 2013

Microsoft Office 365 Publisher 2016

Microsoft Office 365 SharePoint Designer 2013

Microsoft Office 365 Visio 2013

Microsoft Office 365 Visio 2016

Microsoft Office 365 Word 2013

Microsoft Office 365 Word 2016

Microsoft Office 2010 Common Settings

Microsoft Office 2013 Common Settings

Microsoft Office 2013 Upload Center

Microsoft Office 2016 Common Settings

Microsoft Office 2016 Upload Center

Microsoft OneDrive for Business 2013

Microsoft OneDrive for Business 2016

Microsoft OneNote 2010

Microsoft OneNote 2013

Microsoft OneNote 2016

Microsoft Outlook 2010

Microsoft Outlook 2013

Microsoft Outlook 2016

Microsoft PowerPoint 2010

Microsoft PowerPoint 2013

Microsoft PowerPoint 2016

Microsoft Project 2010

Microsoft Project 2013

Microsoft Project 2016

Microsoft Publisher 2010

Microsoft Publisher 2013

Microsoft Publisher 2016

Microsoft SharePoint Designer 2010

Microsoft SharePoint Designer 2013

Microsoft SharePoint Workspace 2010

Microsoft Visio 2010

Microsoft Visio 2013

Microsoft Visio 2016

Microsoft Word 2010

Microsoft Word 2013

Microsoft Word 2016

Notepad

OneNote 2013 backup only

OneNote 2016 backup only

Outlook 2013 backup only

Outlook 2016 backup only

PowerPoint 2013 backup only

PowerPoint 2016 backup only

Project 2013 backup only

Project 2016 backup only

Publisher 2013 backup only

Publisher 2016 backup only

SharePoint Designer 2013 backup only

Visio 2013 backup only

Visio 2016 backup only

Word 2013 backup only

Word 2016 backup only

WordPad

Windows Apps

Finance

Games

Music

Reader

Sports

Travel

Video

Weather

Configure Sync Method

Do not synchronize Windows Apps

Ping the settings storage location before sync

Settings package size warning threshold

Settings storage path

Synchronization timeout

Synchronize Windows settings

Sync settings over metered connections even when roaming

Sync settings over metered connections

Use User Experience Virtualization (UE-V)

VDI Configuration

Multitasking

Configure the inclusion of Microsoft Edge tabs into Alt-Tab

NetMeeting

Application Sharing

Disable application Sharing

Prevent Application Sharing in true color

Prevent Control

Prevent Desktop Sharing

Prevent Sharing Command Prompts

Prevent Sharing Explorer windows

Prevent Sharing

Audio & Video

Disable Audio

Disable full duplex Audio

Limit the bandwidth of Audio and Video

Prevent changing DirectSound Audio setting

Prevent receiving Video

Prevent sending Video

Options Page

Disable the Advanced Calling button

Hide the Audio page

Hide the General page

Hide the Security page

Hide the Video page

Allow persisting automatic acceptance of Calls

Disable Chat

Disable Directory services

Disable NetMeeting 2.x Whiteboard

Disable Whiteboard

Enable Automatic Configuration

Limit the size of sent files

Prevent adding Directory servers

Prevent automatic acceptance of Calls

Prevent changing Call placement method

Prevent receiving files

Prevent sending files

Prevent viewing Web directory

Set Call Security options

Set the intranet support Web page

Network Sharing

Prevent users from sharing files within their profile.

Don't launch privacy settings experience on user logon

Presentation Settings

Turn off Windows presentation settings

Remote Desktop Services

RD Gateway

Enable connection through RD Gateway

Set RD Gateway authentication method

Set RD Gateway server address

RemoteApp and Desktop Connections

Specify default connection URL

Remote Desktop Connection Client

Allow .rdp files from unknown publishers

Allow .rdp files from valid publishers and user's default .rdp settings

Do not allow passwords to be saved

Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Remote Desktop Session Host

Connections

Set rules for remote control of Remote Desktop Services user sessions

Device and Resource Redirection

Allow time zone redirection

Do not allow Clipboard redirection

Printer Redirection

Redirect only the default client printer

Use Remote Desktop Easy Print printer driver first

Remote Session Environment

Always show desktop on connection

Remove remote desktop wallpaper

Start a program on connection

Session Time Limits

End session when time limits are reached

Set time limit for active but idle Remote Desktop Services sessions

Set time limit for active Remote Desktop Services sessions

Set time limit for disconnected sessions

Set time limit for logoff of RemoteApp sessions

Prevent access to feed list

Prevent automatic discovery of feeds and Web Slices

Prevent downloading of enclosures

Prevent subscribing to or deleting a feed or a Web Slice

Turn off background synchronization for feeds and Web Slices

Turn on Basic feed authentication over HTTP

Default excluded paths

Default indexed paths

Prevent adding UNC locations to index from Control Panel

Prevent customization of indexed locations in Control Panel

Prevent indexing certain paths

Turn off storage and display of search history

Sound Recorder

Do not allow Sound Recorder to run

Store

Only display the private store within the Microsoft Store

Turn off the offer to update to the latest version of Windows

Turn off the Store application

Tablet PC

Accessories

Do not allow Inkball to run

Do not allow printing to Journal Note Writer

Do not allow Snipping Tool to run

Do not allow Windows Journal to be run

Cursors

Turn off pen feedback

Hardware Buttons

Prevent Back-ESC mapping

Prevent launch an application

Prevent press and hold

Turn off hardware buttons

Input Panel

Disable text prediction

For tablet pen input, don't show the Input Panel icon

For touch input, don't show the Input Panel icon

Include rarely used Chinese, Kanji, or Hanja characters

Prevent Input Panel tab from appearing

Turn off AutoComplete integration with Input Panel

Turn off password security in Input Panel

Turn off tolerant and Z-shaped scratch-out gestures

Pen Flicks Learning

Prevent Flicks Learning Mode

Pen UX Behaviors

Prevent flicks

Tablet PC Pen Training

Turn off Tablet PC Pen Training

Touch Input

Turn off Tablet PC touch input

Turn off Touch Panning

Hide Advanced Properties Checkbox in Add Scheduled Task Wizard

Hide Property Pages

Prevent Task Run or End

Prohibit Browse

Prohibit Drag-and-Drop

Prohibit New Task Creation

Prohibit Task Deletion

Windows Calendar

Turn off Windows Calendar

Windows Color System

Prohibit installing or uninstalling color profiles

Windows Defender SmartScreen

Microsoft Edge