Administrative Vorlagen in Intune – inkl. Liste

Intune ADM Template

Listen der Gerätebezogenen Policies

Da ich ja Listen versprochen habe, hier sind diese, sortiert nach Themen.

App-V

Setting Name Path
Enable App-V Client\System\App-V
Enable Migration Mode\System\App-V\Client Coexistence
Integration Root Global\System\App-V\Integration
Integration Root User\System\App-V\Integration
Roaming File Exclusions\System\App-V\Integration
Roaming Registry Exclusions\System\App-V\Integration
Enable automatic cleanup of unused appv packages\System\App-V\PackageManagement
Enable Publishing Refresh UX\System\App-V\Publishing
Publishing Server 1 Settings\System\App-V\Publishing
Publishing Server 2 Settings\System\App-V\Publishing
Publishing Server 3 Settings\System\App-V\Publishing
Publishing Server 4 Settings\System\App-V\Publishing
Publishing Server 5 Settings\System\App-V\Publishing
Reporting Server\System\App-V\Reporting
Enable Package Scripts\System\App-V\Scripting
Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection\System\App-V\Streaming
Certificate Filter For Client SSL\System\App-V\Streaming
Enable Support for BranchCache\System\App-V\Streaming
Location Provider\System\App-V\Streaming
Package Installation Root\System\App-V\Streaming
Package Source Root\System\App-V\Streaming
Reestablishment Interval\System\App-V\Streaming
Reestablishment Retries\System\App-V\Streaming
Shared Content Store (SCS) mode\System\App-V\Streaming
Specify what to load in background (aka AutoLoad)\System\App-V\Streaming
Verify certificate revocation list\System\App-V\Streaming
Enable Dynamic Virtualization\System\App-V\Virtualization
Virtual Component Process Allow List\System\App-V\Virtualization

Edge

Setting Name Path
Ads setting for sites with intrusive ads\Microsoft Edge
Allow download restrictions\Microsoft Edge
Allow file selection dialogs\Microsoft Edge
Allow full screen mode\Microsoft Edge
Allow Google Cast to connect to Cast devices on all IP addresses\Microsoft Edge
Allow importing of autofill form data\Microsoft Edge
Allow importing of browser settings\Microsoft Edge
Allow importing of browsing history\Microsoft Edge
Allow importing of favorites\Microsoft Edge
Allow importing of home page settings\Microsoft Edge
Allow importing of payment info\Microsoft Edge
Allow importing of saved passwords\Microsoft Edge
Allow importing of search engine settings\Microsoft Edge
Allow managed extensions to use the Enterprise Hardware Platform API\Microsoft Edge
Allow media autoplay for websites\Microsoft Edge
Allow or block audio capture\Microsoft Edge
Allow or block video capture\Microsoft Edge
Allow queries to a Browser Network Time service\Microsoft Edge
Allow QUIC protocol\Microsoft Edge
Allow or block video capture\Microsoft Edge
Allow queries to a Browser Network Time service\Microsoft Edge
Allow QUIC protocol\Microsoft Edge
Allow user feedback\Microsoft Edge
Allow users to open files using the ClickOnce protocol\Microsoft Edge
Allow users to open files using the DirectInvoke protocol\Microsoft Edge
Allow users to proceed from the SSL warning page\Microsoft Edge
Allow WebDriver to Override Incompatible Policies\Microsoft Edge
Allows a page to show popups during its unloading\Microsoft Edge
Allows users to edit favorites\Microsoft Edge
Always open PDF files externally\Microsoft Edge
Ask where to save downloaded files\Microsoft Edge
Automatically import another browser’s data and settings at first run\Microsoft Edge
Block access to a list of URLs\Microsoft Edge
Block third party cookies\Microsoft Edge
Block tracking of users‘ web-browsing activity\Microsoft Edge
Browser sign-in settings\Microsoft Edge
Clear browsing data when Microsoft Edge closes\Microsoft Edge
Configure Do Not Track\Microsoft Edge
Configure favorites\Microsoft Edge
Configure InPrivate mode availability\Microsoft Edge
Configure Internet Explorer integration\Microsoft Edge
Configure Online Text To Speech\Microsoft Edge
Configure tab lifecycles\Microsoft Edge
Configure the Enterprise Mode Site List\Microsoft Edge
Configure tracking prevention exceptions for specific sites\Microsoft Edge
Continue running background apps after Microsoft Edge closes\Microsoft Edge
Control communication with the Experimentation and Configuration Service\Microsoft Edge
Control where developer tools can be used\Microsoft Edge
Control where security restrictions on insecure origins apply\Microsoft Edge
Define a list of allowed URLs\Microsoft Edge
Disable Certificate Transparency enforcement for a list of legacy certificate authorities\Microsoft Edge
Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes\Microsoft Edge
Disable Certificate Transparency enforcement for specific URLs\Microsoft Edge
Disable saving browser history\Microsoft Edge
Disable support for 3D graphics APIs\Microsoft Edge
Disable synchronization of data using Microsoft sync services\Microsoft Edge
Disable taking screenshots\Microsoft Edge
Enable a non-removable default sign-in profile\Microsoft Edge
Enable AutoFill for addresses\Microsoft Edge
Enable AutoFill for credit cards\Microsoft Edge
Enable component updates in Microsoft Edge\Microsoft Edge
Enable deleting browser and download history\Microsoft Edge
Enable Domain Actions Download from Microsoft\Microsoft Edge
Enable ending processes in the Browser task manager\Microsoft Edge
Enable favorites bar\Microsoft Edge
Enable full-tab promotional content\Microsoft Edge
Enable guest mode\Microsoft Edge
Enable network prediction\Microsoft Edge
Enable online OCSP/CRL checks\Microsoft Edge
Enable Proactive Authentication\Microsoft Edge
Enable profile creation from the Identity flyout menu or the Settings page\Microsoft Edge
Enable renderer code integrity\Microsoft Edge
Enable resolution of navigation errors using a web service\Microsoft Edge
Enable search suggestions\Microsoft Edge
Enable security warnings for command-line flags\Microsoft Edge
Enable Signed HTTP Exchange (SXG) support\Microsoft Edge
Enable site isolation for every site\Microsoft Edge
Enable site isolation for specific origins\Microsoft Edge
Enable specific spellcheck languages\Microsoft Edge
Enable spellcheck\Microsoft Edge
Enable the Collections feature\Microsoft Edge
Enable Translate\Microsoft Edge
Enable usage and crash-related data reporting\Microsoft Edge
Enable use of ephemeral profiles\Microsoft Edge
Enforce Bing SafeSearch\Microsoft Edge
Enforce Google SafeSearch\Microsoft Edge
Extend Adobe Flash content setting to all content\Microsoft Edge
Force disable spellcheck languages\Microsoft Edge
Force minimum YouTube Restricted Mode\Microsoft Edge
Force networking code to run in the browser process\Microsoft Edge
Forces direct intranet site navigation instead of searching on single word entries in the Address Bar.\Microsoft Edge
Manage Search Engines\Microsoft Edge
Maximum number of concurrent connections to the proxy server\Microsoft Edge
Minimum SSL version enabled\Microsoft Edge
Notify a user that a browser restart is recommended or required for pending updates\Microsoft Edge
Re-enable deprecated web platform features for a limited time\Microsoft Edge
Restrict exposure of localhost IP address by WebRTC\Microsoft Edge
Restrict the range of local UDP ports used by WebRTC\Microsoft Edge
Restrict which accounts can be used as Microsoft Edge primary accounts\Microsoft Edge
Send all intranet sites to Internet Explorer\Microsoft Edge
Send site information to improve Microsoft services\Microsoft Edge
Set application locale\Microsoft Edge
Set disk cache directory\Microsoft Edge
Set disk cache size, in bytes\Microsoft Edge
Set download directory\Microsoft Edge
Set Microsoft Edge as default browser\Microsoft Edge
Set the time period for update notifications\Microsoft Edge
Set the user data directory\Microsoft Edge
Set WPAD optimization\Microsoft Edge
Show Microsoft Office shortcut in favorites bar\Microsoft Edge
Sites that can access audio capture devices without requesting permission\Microsoft Edge
Sites that can access video capture devices without requesting permission\Microsoft Edge
Specify if online OCSP/CRL checks are required for local trust anchors\Microsoft Edge
Suppress the unsupported OS warning\Microsoft Edge
Use built-in DNS client\Microsoft Edge
Use hardware acceleration when available\Microsoft Edge
Websites or domains that don’t need permission to use direct Security Key attestation\Microsoft Edge
Allow download restrictions\Microsoft Edge – Default Settings (users can override)
Allow importing of autofill form data\Microsoft Edge – Default Settings (users can override)
Allow importing of browser settings\Microsoft Edge – Default Settings (users can override)
Allow importing of browsing history\Microsoft Edge – Default Settings (users can override)
Allow importing of favorites\Microsoft Edge – Default Settings (users can override)
Allow importing of payment info\Microsoft Edge – Default Settings (users can override)
Allow importing of saved passwords\Microsoft Edge – Default Settings (users can override)
Allow importing of search engine settings\Microsoft Edge – Default Settings (users can override)
Block third party cookies\Microsoft Edge – Default Settings (users can override)
Clear browsing data when Microsoft Edge closes\Microsoft Edge – Default Settings (users can override)
Continue running background apps after Microsoft Edge closes\Microsoft Edge – Default Settings (users can override)
Disable synchronization of data using Microsoft sync services\Microsoft Edge – Default Settings (users can override)
Enable AutoFill for addresses\Microsoft Edge – Default Settings (users can override)
Enable AutoFill for credit cards\Microsoft Edge – Default Settings (users can override)
Enable favorites bar\Microsoft Edge – Default Settings (users can override)
Enable network prediction\Microsoft Edge – Default Settings (users can override)
Enable resolution of navigation errors using a web service\Microsoft Edge – Default Settings (users can override)
Enable search suggestions\Microsoft Edge – Default Settings (users can override)
Enable Translate\Microsoft Edge – Default Settings (users can override)
Set application locale\Microsoft Edge – Default Settings (users can override)
Set download directory\Microsoft Edge – Default Settings (users can override)
Register protocol handlers\Microsoft Edge – Default Settings (users can override)\Content settings
Enable saving passwords to the password manager\Microsoft Edge – Default Settings (users can override)\Password manager and protection
Print headers and footers\Microsoft Edge – Default Settings (users can override)\Printing
Set the system default printer as the default printer\Microsoft Edge – Default Settings (users can override)\Printing
Configure Microsoft Defender SmartScreen\Microsoft Edge – Default Settings (users can override)\SmartScreen settings
Configure Microsoft Defender SmartScreen for trusted downloads\Microsoft Edge – Default Settings (users can override)\SmartScreen settings
Action to take on startup\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Configure the home page URL\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Configure the new tab page URL\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Set the new tab page as the home page\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Show Home button on toolbar\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Sites to open when the browser starts\Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page
Allow installation default\Microsoft Edge Update\Microsoft Edge Update\Applications
Allow Microsoft Edge Side by Side browser experience\Microsoft Edge Update\Microsoft Edge Update\Applications
Update policy override default\Microsoft Edge Update\Microsoft Edge Update\Applications
Allow installation\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge
Update policy override\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge
Allow installation\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Beta
Update policy override\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Beta
Allow installation\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Canary
Update policy override\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Canary
Allow installation\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Dev
Update policy override\Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Dev
Auto-update check period override\Microsoft Edge Update\Microsoft Edge Update\Preferences
Time period in each day to suppress auto-update check\Microsoft Edge Update\Microsoft Edge Update\Preferences
Address or URL of proxy server\Microsoft Edge Update\Microsoft Edge Update\Proxy Server
Choose how to specify proxy server settings\Microsoft Edge Update\Microsoft Edge Update\Proxy Server
URL to a proxy .pac file\Microsoft Edge Update\Microsoft Edge Update\Proxy Server
Enable Google Cast\Microsoft Edge\Cast
Show the cast icon in the toolbar\Microsoft Edge\Cast
Allow cookies on specific sites\Microsoft Edge\Content settings
Allow images on these sites\Microsoft Edge\Content settings
Allow JavaScript on specific sites\Microsoft Edge\Content settings
Allow notifications on specific sites\Microsoft Edge\Content settings
Allow pop-up windows on specific sites\Microsoft Edge\Content settings
Allow pop-up windows on specific sites\Microsoft Edge\Content settings
Allow the Adobe Flash plug-in on specific sites\Microsoft Edge\Content settings
Allow WebUSB on specific sites\Microsoft Edge\Content settings
Automatically select client certificates for these sites\Microsoft Edge\Content settings
Block cookies on specific sites\Microsoft Edge\Content settings
Block images on specific sites\Microsoft Edge\Content settings
Block JavaScript on specific sites\Microsoft Edge\Content settings
Block notifications on specific sites\Microsoft Edge\Content settings
Block pop-up windows on specific sites\Microsoft Edge\Content settings
Block the Adobe Flash plug-in on specific sites\Microsoft Edge\Content settings
Block WebUSB on specific sites\Microsoft Edge\Content settings
Configure cookies\Microsoft Edge\Content settings
Control use of the Web Bluetooth API\Microsoft Edge\Content settings
Control use of the WebUSB API\Microsoft Edge\Content settings
Default Adobe Flash setting\Microsoft Edge\Content settings
Default geolocation setting\Microsoft Edge\Content settings
Default images setting\Microsoft Edge\Content settings
Default JavaScript setting\Microsoft Edge\Content settings
Default notification setting\Microsoft Edge\Content settings
Default pop-up window setting\Microsoft Edge\Content settings
Grant access to specific sites to connect to specific USB devices\Microsoft Edge\Content settings
Limit cookies from specific websites to the current session\Microsoft Edge\Content settings
Default search provider encodings\Microsoft Edge\Default search provider
Default search provider keyword\Microsoft Edge\Default search provider
Default search provider name\Microsoft Edge\Default search provider
Default search provider search URL\Microsoft Edge\Default search provider
Default search provider URL for suggestions\Microsoft Edge\Default search provider
Enable the default search provider\Microsoft Edge\Default search provider
Parameters for an image URL that uses POST\Microsoft Edge\Default search provider
Specifies the search-by-image feature for the default search provider\Microsoft Edge\Default search provider
Allow specific extensions to be installed\Microsoft Edge\Extensions
Configure allowed extension types\Microsoft Edge\Extensions
Configure extension and user script install sources\Microsoft Edge\Extensions
Configure extension management settings\Microsoft Edge\Extensions
Control which extensions are installed silently\Microsoft Edge\Extensions
Control which extensions cannot be installed\Microsoft Edge\Extensions
Allow cross-origin HTTP Basic Auth prompts\Microsoft Edge\HTTP authentication
Configure list of allowed authentication servers\Microsoft Edge\HTTP authentication
Disable CNAME lookup when negotiating Kerberos authentication\Microsoft Edge\HTTP authentication
Include non-standard port in Kerberos SPN\Microsoft Edge\HTTP authentication
Specifies a list of servers that Microsoft Edge can delegate user credentials to\Microsoft Edge\HTTP authentication
Supported authentication schemes\Microsoft Edge\HTTP authentication
Allow user-level native messaging hosts (installed without admin permissions)\Microsoft Edge\Native Messaging
Configure native messaging block list\Microsoft Edge\Native Messaging
Control which native messaging hosts users can use\Microsoft Edge\Native Messaging
Configure password protection warning trigger\Microsoft Edge\Password manager and protection
Configure the change password URL\Microsoft Edge\Password manager and protection
Configure the list of enterprise login URLs where password protection service should capture fingerprint of password\Microsoft Edge\Password manager and protection
Enable saving passwords to the password manager\Microsoft Edge\Password manager and protection
Default printer selection rules\Microsoft Edge\Printing
Enable printing\Microsoft Edge\Printing
Print headers and footers\Microsoft Edge\Printing
Print using system print dialog\Microsoft Edge\Printing
Set the system default printer as the default printer\Microsoft Edge\Printing
Configure address or URL of proxy server\Microsoft Edge\Proxy server
Configure proxy bypass rules\Microsoft Edge\Proxy server
Configure proxy server settings\Microsoft Edge\Proxy server
Proxy settings\Microsoft Edge\Proxy server
Set the proxy .pac file URL\Microsoft Edge\Proxy server
Configure Microsoft Defender SmartScreen\Microsoft Edge\SmartScreen settings
Configure Microsoft Defender SmartScreen for trusted downloads\Microsoft Edge\SmartScreen settings
Configure the list of domains for which SmartScreen won’t trigger warnings\Microsoft Edge\SmartScreen settings
Prevent bypassing Microsoft Defender SmartScreen prompts for sites\Microsoft Edge\SmartScreen settings
Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads\Microsoft Edge\SmartScreen settings
Action to take on startup\Microsoft Edge\Startup, home page and new tab page
Configure the home page URL\Microsoft Edge\Startup, home page and new tab page
Configure the new tab page URL\Microsoft Edge\Startup, home page and new tab page
Hide the default top sites from the new tab page\Microsoft Edge\Startup, home page and new tab page
Set the new tab page as the home page\Microsoft Edge\Startup, home page and new tab page
Show Home button on toolbar\Microsoft Edge\Startup, home page and new tab page
Sites to open when the browser starts\Microsoft Edge\Startup, home page and new tab page

Error Reporting

Setting NamePath
Disable Windows Error Reporting\Windows Components\Windows Error Reporting
Display Error Notification\Windows Components\Windows Error Reporting
Do not send additional data\Windows Components\Windows Error Reporting
Prevent display of the user interface for critical errors\Windows Components\Windows Error Reporting
Customize consent settings\Windows Components\Windows Error Reporting\Consent

Internet Explorer

Setting NamePath
Add a specific list of search providers to the user’s list of search providers\Windows Components\Internet Explorer
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar\Windows Components\Internet Explorer
Disable changing secondary home page settings\Windows Components\Internet Explorer
Disable Periodic Check for Internet Explorer software updates\Windows Components\Internet Explorer
Let users turn on and use Enterprise Mode from the Tools menu\Windows Components\Internet Explorer
Prevent bypassing SmartScreen Filter warnings\Windows Components\Internet Explorer
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet\Windows Components\Internet Explorer
Prevent changing proxy settings\Windows Components\Internet Explorer
Prevent changing the default search provider\Windows Components\Internet Explorer
Prevent managing SmartScreen Filter\Windows Components\Internet Explorer
Prevent participation in the Customer Experience Improvement Program\Windows Components\Internet Explorer
Prevent per-user installation of ActiveX controls\Windows Components\Internet Explorer
Prevent running First Run wizard\Windows Components\Internet Explorer
Restrict search providers to a specific list\Windows Components\Internet Explorer
Security Zones: Do not allow users to add/delete sites\Windows Components\Internet Explorer
Security Zones: Do not allow users to change policies\Windows Components\Internet Explorer
Security Zones: Use only machine settings\Windows Components\Internet Explorer
Specify default behavior for a new tab\Windows Components\Internet Explorer
Specify use of ActiveX Installer Service for installation of ActiveX controls\Windows Components\Internet Explorer
Turn off browser geolocation\Windows Components\Internet Explorer
Turn off Crash Detection\Windows Components\Internet Explorer
Turn off the auto-complete feature for web addresses\Windows Components\Internet Explorer
Turn off the Security Settings Check feature\Windows Components\Internet Explorer
Turn on ActiveX Filtering\Windows Components\Internet Explorer
Turn on Suggested Sites\Windows Components\Internet Explorer
Use the Enterprise Mode IE website list\Windows Components\Internet Explorer
Turn off Compatibility View\Windows Components\Internet Explorer\Compatibility View
Turn on Internet Explorer Standards Mode for local intranet\Windows Components\Internet Explorer\Compatibility View
Use Policy List of Internet Explorer 7 sites\Windows Components\Internet Explorer\Compatibility View
Allow deleting browsing history on exit\Windows Components\Internet Explorer\Delete Browsing History
Disable „Configuring History“\Windows Components\Internet Explorer\Delete Browsing History
Prevent deleting websites that the user has visited\Windows Components\Internet Explorer\Delete Browsing History
Prevent ignoring certificate errors\Windows Components\Internet Explorer\Internet Control Panel
Allow software to run or install even if the signature is invalid\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Check for server certificate revocation\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Check for signatures on downloaded programs\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn off encryption support\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn off the flip ahead with page prediction feature\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Turn on Enhanced Protected Mode\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Internet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Intranet Sites: Include all local (intranet) sites not listed in other zones\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Intranet Sites: Include all network paths (UNCs)\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Intranet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Local Machine Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Internet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Intranet Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Local Machine Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Restricted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Locked-Down Trusted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Restricted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Site to Zone Assignment List\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Trusted Sites Zone Template\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Turn on certificate address mismatch warning\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow cut, copy or paste operations from the clipboard via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow drag and drop or copy and paste files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow loading of XAML files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow only approved domains to use ActiveX controls without prompt\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow only approved domains to use the TDC ActiveX control\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow script-initiated windows without size or position constraints\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow scripting of Internet Explorer WebBrowser controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow script-initiated windows without size or position constraints\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow scripting of Internet Explorer WebBrowser controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow updates to status bar via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Allow VBScript to run in Internet Explorer\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Download signed ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Download unsigned ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Enable dragging of content from different domains across windows\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Enable dragging of content from different domains within a window\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Enable MIME Sniffing\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Include local path when user is uploading files to a server\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Launching applications and files in an IFRAME\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Logon options\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Run .NET Framework-reliant components signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Show security warning for potentially unsafe files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Turn on Cross-Site Scripting Filter\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Turn on Protected Mode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Use Pop-up Blocker\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow active scripting\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow binary and script behaviors\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow cut, copy or paste operations from the clipboard via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow drag and drop or copy and paste files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow loading of XAML files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow META REFRESH\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow only approved domains to use ActiveX controls without prompt\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow only approved domains to use the TDC ActiveX control\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow script-initiated windows without size or position constraints\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow scripting of Internet Explorer WebBrowser controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow script-initiated windows without size or position constraints\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow scripting of Internet Explorer WebBrowser controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow updates to status bar via script\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Allow VBScript to run in Internet Explorer\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Download signed ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Download unsigned ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Enable dragging of content from different domains across windows\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Enable dragging of content from different domains within a window\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Enable MIME Sniffing\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Include local path when user is uploading files to a server\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Launching applications and files in an IFRAME\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Logon options\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Run .NET Framework-reliant components signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Run ActiveX controls and plugins\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Script ActiveX controls marked safe for scripting\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Scripting of Java applets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Show security warning for potentially unsafe files\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Turn on Cross-Site Scripting Filter\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Turn on Protected Mode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Use Pop-up Blocker\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Access data sources across domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Allow font downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Allow scriptlets\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Automatic prompting for ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Automatic prompting for file downloads\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Don’t run antimalware programs against ActiveX controls\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Initialize and script ActiveX controls not marked as safe\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Java permissions\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Navigate windows and frames across different domains\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Run .NET Framework-reliant components not signed with Authenticode\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Turn on SmartScreen Filter scan\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Userdata persistence\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Web sites in less privileged Web content zones can navigate into this zone\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Go to an intranet site for a one-word entry in the Address bar\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Turn off InPrivate Browsing\Windows Components\Internet Explorer\Privacy
Allow fallback to SSL 3.0 (Internet Explorer)\Windows Components\Internet Explorer\Security Features
Add-on List\Windows Components\Internet Explorer\Security Features\Add-on Management
Remove „Run this time“ button for outdated ActiveX controls in Internet Explorer\Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects\Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off automatic download of the ActiveX VersionList\Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off blocking of outdated ActiveX controls for Internet Explorer\Windows Components\Internet Explorer\Security Features\Add-on Management
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains\Windows Components\Internet Explorer\Security Features\Add-on Management
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Notification bar
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Restrict File Download
Internet Explorer Processes\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions

Network

Setting NamePath
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)\MSS (Legacy)
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)\MSS (Legacy)
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes\MSS (Legacy)
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers\MSS (Legacy)
Prohibit installation and configuration of Network Bridge on your DNS domain network\Network\Network Connections
Hardened UNC Paths\Network\Network Provider
Prohibit connection to non-domain networks when connected to domain authenticated network\Network\Windows Connection Manager
Set 3G Cost\Network\WWAN Service\WWAN Media Cost
Set 4G Cost\Network\WWAN Service\WWAN Media Cost
Set Per-App Cellular Access UI Visibility\Network\WWAN Service\WWAN UI Settings

Office

Setting NamePath
Enable EDU Org ID Sign In in Office from Windows Store\Microsoft Office 2016 (Machine)\Licensing Settings
Specify the location to save the licensing token used by shared computer activation\Microsoft Office 2016 (Machine)\Licensing Settings
Use shared computer activation\Microsoft Office 2016 (Machine)\Licensing Settings
Age out documents older than n days\Microsoft Office 2016 (Machine)\Miscellaneous
Age out the locally cached copies of server document versions that are more than n days old.\Microsoft Office 2016 (Machine)\Miscellaneous
File Previewing\Microsoft Office 2016 (Machine)\Miscellaneous
Open Directly in Office Client Application\Microsoft Office 2016 (Machine)\Miscellaneous
Prevent document inspectors from running\Microsoft Office 2016 (Machine)\Miscellaneous
Set the max size of the Office Document Cache\Microsoft Office 2016 (Machine)\Miscellaneous
Disable Package Repair\Microsoft Office 2016 (Machine)\Security Settings
Disable Password Caching\Microsoft Office 2016 (Machine)\Security Settings
Disable VBA for Office applications\Microsoft Office 2016 (Machine)\Security Settings
Graphics filter import\Microsoft Office 2016 (Machine)\Security Settings
Add-on Management\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Bind to object\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Block popups\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Consistent Mime Handling\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Disable user name and password\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Information Bar\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Local Machine Zone Lockdown Security\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Mime Sniffing Safety Feature\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Navigate URL\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Object Caching Protection\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Protection From Zone Elevation\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Restrict ActiveX Install\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Restrict File Download\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Saved from URL\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Scripted Window Security Restrictions\Microsoft Office 2016 (Machine)\Security Settings\IE Security
Enable Automatic Updates\Microsoft Office 2016 (Machine)\Updates
Hide option to enable or disable updates\Microsoft Office 2016 (Machine)\Updates
Hide Update Notifications\Microsoft Office 2016 (Machine)\Updates
Office 365 Client Management\Microsoft Office 2016 (Machine)\Updates
Online Repair\Microsoft Office 2016 (Machine)\Updates
Prevent Office from being updated to a specific version\Microsoft Office 2016 (Machine)\Updates
Prioritize BITS\Microsoft Office 2016 (Machine)\Updates
Target Version\Microsoft Office 2016 (Machine)\Updates
Update Channel\Microsoft Office 2016 (Machine)\Updates
Update Deadline\Microsoft Office 2016 (Machine)\Updates
Update Path\Microsoft Office 2016 (Machine)\Updates
Upgrade Office 2019 to Office 365 ProPlus\Microsoft Office 2016 (Machine)\Updates
Prevent Token Activation dialog from closing\Microsoft Office 2016 (Machine)\Volume Activation
Use only Token Activation\Microsoft Office 2016 (Machine)\Volume Activation
Turn on an external converter as the default for a file extension\Microsoft PowerPoint 2016 (Machine)\Converters
Additional server versions supported\Skype for Business 2016\Microsoft Lync Feature Policies
Allow storage of user passwords\Skype for Business 2016\Microsoft Lync Feature Policies
Configure SIP compression mode\Skype for Business 2016\Microsoft Lync Feature Policies
Configure SIP security mode\Skype for Business 2016\Microsoft Lync Feature Policies
Disable automatic upload of sign-in failure logs\Skype for Business 2016\Microsoft Lync Feature Policies
Disable HTTP fallback for SIP connection\Skype for Business 2016\Microsoft Lync Feature Policies
Disable server version check\Skype for Business 2016\Microsoft Lync Feature Policies
Enable using BITS to download Address Book Service files\Skype for Business 2016\Microsoft Lync Feature Policies
Global Address Book Download Initial Delay\Skype for Business 2016\Microsoft Lync Feature Policies
Prevent users from running Microsoft Lync\Skype for Business 2016\Microsoft Lync Feature Policies
Require logon credentials\Skype for Business 2016\Microsoft Lync Feature Policies
Specify server\Skype for Business 2016\Microsoft Lync Feature Policies
Trusted Domain List\Skype for Business 2016\Microsoft Lync Feature Policies

OneDrive

Setting NamePath
Allow syncing OneDrive accounts for only specific organizations\OneDrive
Block syncing OneDrive accounts for specific organizations\OneDrive
Configure team site libraries to sync automatically\OneDrive
Convert synced team site files to online-only files\OneDrive
Limit the sync client upload rate to a percentage of throughput\OneDrive
Prevent the sync client from generating network traffic until users sign in\OneDrive
Prevent users from fetching files remotely\OneDrive
Prevent users from moving their Windows known folders to OneDrive\OneDrive
Prevent users from redirecting their Windows known folders to their PC\OneDrive
Prevent users from syncing libraries and folders shared from other organizations\OneDrive
Prompt users to move Windows known folders to OneDrive\OneDrive
Require users to confirm large delete operations\OneDrive
Set the maximum size of a user’s OneDrive that can download automatically\OneDrive
Set the sync client update ring\OneDrive
Silently move Windows known folders to OneDrive\OneDrive
Silently sign in users to the OneDrive sync client with their Windows credentials\OneDrive
Specify SharePoint Server URL and organization name\OneDrive
Specify the OneDrive location in a hybrid environment\OneDrive
Use OneDrive Files On-Demand\OneDrive

Power Management

Setting NamePath
Allow standby states (S1-S3) when sleeping (on battery)\System\Power Management\Sleep Settings
Allow standby states (S1-S3) when sleeping (plugged in)\System\Power Management\Sleep Settings
Require a password when a computer wakes (on battery)\System\Power Management\Sleep Settings
Require a password when a computer wakes (plugged in)\System\Power Management\Sleep Settings
Specify the system hibernate timeout (on battery)\System\Power Management\Sleep Settings
Specify the system hibernate timeout (plugged in)\System\Power Management\Sleep Settings
Specify the system sleep timeout (on battery)\System\Power Management\Sleep Settings
Specify the system sleep timeout (plugged in)\System\Power Management\Sleep Settings
Turn off the display (on battery)\System\Power Management\Video and Display Settings
Turn off the display (plugged in)\System\Power Management\Video and Display Settings

Remote Desktop Service

Setting NamePath
Do not allow passwords to be saved\Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Allow users to connect remotely by using Remote Desktop Services\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Do not allow drive redirection\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Always prompt for password upon connection\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Require secure RPC communication\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Set client connection encryption level\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security

Remote Assistance

Setting NamePath
Configure Offer Remote Assistance\System\Remote Assistance
Configure Solicited Remote Assistance\System\Remote Assistance
Customize warning messages\System\Remote Assistance
Turn on session logging\System\Remote Assistance

Remote Management

Setting NamePath
Allow Basic authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Allow CredSSP authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Allow unencrypted traffic\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Disallow Digest authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Disallow Negotiate authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Trusted Hosts\Windows Components\Windows Remote Management (WinRM)\WinRM Client
Allow Basic authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow CredSSP authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow remote server management through WinRM\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow remote server management through WinRM\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow unencrypted traffic\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Disallow Negotiate authentication\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Disallow WinRM from storing RunAs credentials\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Specify channel binding token hardening level\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Turn On Compatibility HTTP Listener\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Turn On Compatibility HTTPS Listener\Windows Components\Windows Remote Management (WinRM)\WinRM Service
Allow Remote Shell Access\Windows Components\Windows Remote Shell
Allow Remote Shell Access\Windows Components\Windows Remote Shell
MaxConcurrentUsers\Windows Components\Windows Remote Shell
Specify idle Timeout\Windows Components\Windows Remote Shell
Specify maximum amount of memory in MB per Shell\Windows Components\Windows Remote Shell
Specify maximum number of processes per Shell\Windows Components\Windows Remote Shell
Specify maximum number of remote shells per user\Windows Components\Windows Remote Shell
Specify Shell Timeout\Windows Components\Windows Remote Shell

RSS

Setting NamePath
Prevent downloading of enclosures\Windows Components\RSS Feeds
Turn off background synchronization for feeds and Web Slices\Windows Components\RSS Feeds

Security

Setting NamePath
Prevent enabling lock screen camera\Control Panel\Personalization
Prevent enabling lock screen slide show\Control Panel\Personalization
Apply UAC restrictions to local accounts on network logons\MS Security Guide
Configure SMB v1 client driver\MS Security Guide
Configure SMB v1 server\MS Security Guide
Enable Structured Exception Handling Overwrite Protection (SEHOP)\MS Security Guide
Turn on Windows Defender protection against Potentially Unwanted Applications (DEPRECATED)\MS Security Guide
WDigest Authentication (disabling may require KB2871997)\MS Security Guide
Allow printers to be published\Printers
Allow printers to be published\Printers
Point and Print Restrictions\Printers
Remote host allows delegation of non-exportable credentials\System\Credentials Delegation
Prevent device metadata retrieval from the Internet\System\Device Installation
Allow installation of devices that match any of these device IDs\System\Device Installation\Device Installation Restrictions
Allow installation of devices using drivers that match these device setup classes\System\Device Installation\Device Installation Restrictions
Prevent installation of devices not described by other policy settings\System\Device Installation\Device Installation Restrictions
Prevent installation of devices that match any of these device IDs\System\Device Installation\Device Installation Restrictions
Prevent installation of devices using drivers that match these device setup classes\System\Device Installation\Device Installation Restrictions
Boot-Start Driver Initialization Policy\System\Early Launch Antimalware
Do not allow Windows to activate Enhanced Storage devices\System\Enhanced Storage Access
Turn off downloading of print drivers over HTTP\System\Internet Communication Management\Internet Communication settings
Turn off Internet download for Web publishing and online ordering wizards\System\Internet Communication Management\Internet Communication settings
Turn off printing over HTTP\System\Internet Communication Management\Internet Communication settings
Fail authentication requests when Kerberos armoring is not available\System\Kerberos
Kerberos client support for claims, compound authentication and Kerberos armoring\System\Kerberos
Require strict KDC validation\System\Kerberos
Set maximum Kerberos SSPI context token buffer size\System\Kerberos
Use forest search order\System\Kerberos
Do not display network selection UI\System\Logon
Enumerate local users on domain-joined computers\System\Logon
Turn off app notifications on the lock screen\System\Logon
Turn off picture password sign-in\System\Logon
Turn on convenience PIN sign-in\System\Logon
Enable RPC Endpoint Mapper Client Authentication\System\Remote Procedure Call
Restrict Unauthenticated RPC clients\System\Remote Procedure Call
Enable svchost.exe mitigation options\System\Service Control Manager Settings\Security Settings
Turn off System Restore\System\System Restore
Approved Installation Sites for ActiveX Controls\Windows Components\ActiveX Installer Service
Allow Microsoft accounts to be optional\Windows Components\App runtime
Disallow Autoplay for non-volume devices\Windows Components\AutoPlay Policies
Set the default behavior for AutoRun\Windows Components\AutoPlay Policies
Turn off Autoplay\Windows Components\AutoPlay Policies
Do not display the password reveal button\Windows Components\Credential User Interface
Enumerate administrator accounts on elevation\Windows Components\Credential User Interface
Control Event Log behavior when the log file reaches its maximum size\Windows Components\Event Log Service\Application
Specify the maximum log file size (KB)\Windows Components\Event Log Service\Application
Specify the maximum log file size (KB)\Windows Components\Event Log Service\Security
Specify the maximum log file size (KB)\Windows Components\Event Log Service\System
Turn off Data Execution Prevention for Explorer\Windows Components\File Explorer
Turn off heap termination on corruption\Windows Components\File Explorer
Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot\Windows Components\Windows Logon Options
Sign-in and lock last interactive user automatically after a restart\Windows Components\Windows Logon Options
Turn on PowerShell Script Block Logging\Windows Components\Windows PowerShell

Autor: Fabian Niesen

Fabian Niesen ist seit Jahren beruflich als IT-Consultant unterwegs. Hier schreibt er privat und unabhängig von seinem Arbeitgeber. Unter anderem ist er Zertifiziert als MCSA Windows Server 2008 / 2012, MCSA Office 365, MCSA Windows 10, MCSE Messaging, MCT und Novell Certified Linux Administrator. Seit 2016 ist er auch MCT Regional Lead für Deutschland. Seine Hobby’s sind Social Media, Bloggen, Mittelaltermärkte, Historische Lieder und der Hausbau. Zu finden ist er auch auf folgenden Plattformen: -

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.