Listen der Gerätebezogenen Policies
App-V
| Setting Name | Path |
|---|---|
| Enable App-V Client | \System\App-V |
| Enable Migration Mode | \System\App-V\Client Coexistence |
| Integration Root Global | \System\App-V\Integration |
| Integration Root User | \System\App-V\Integration |
| Roaming File Exclusions | \System\App-V\Integration |
| Roaming Registry Exclusions | \System\App-V\Integration |
| Enable automatic cleanup of unused appv packages | \System\App-V\PackageManagement |
| Enable Publishing Refresh UX | \System\App-V\Publishing |
| Publishing Server 1 Settings | \System\App-V\Publishing |
| Publishing Server 2 Settings | \System\App-V\Publishing |
| Publishing Server 3 Settings | \System\App-V\Publishing |
| Publishing Server 4 Settings | \System\App-V\Publishing |
| Publishing Server 5 Settings | \System\App-V\Publishing |
| Reporting Server | \System\App-V\Reporting |
| Enable Package Scripts | \System\App-V\Scripting |
| Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection | \System\App-V\Streaming |
| Certificate Filter For Client SSL | \System\App-V\Streaming |
| Enable Support for BranchCache | \System\App-V\Streaming |
| Location Provider | \System\App-V\Streaming |
| Package Installation Root | \System\App-V\Streaming |
| Package Source Root | \System\App-V\Streaming |
| Reestablishment Interval | \System\App-V\Streaming |
| Reestablishment Retries | \System\App-V\Streaming |
| Shared Content Store (SCS) mode | \System\App-V\Streaming |
| Specify what to load in background (aka AutoLoad) | \System\App-V\Streaming |
| Verify certificate revocation list | \System\App-V\Streaming |
| Enable Dynamic Virtualization | \System\App-V\Virtualization |
| Virtual Component Process Allow List | \System\App-V\Virtualization |
Edge
| Setting Name | Path |
|---|---|
| Ads setting for sites with intrusive ads | \Microsoft Edge |
| Allow download restrictions | \Microsoft Edge |
| Allow file selection dialogs | \Microsoft Edge |
| Allow full screen mode | \Microsoft Edge |
| Allow Google Cast to connect to Cast devices on all IP addresses | \Microsoft Edge |
| Allow importing of autofill form data | \Microsoft Edge |
| Allow importing of browser settings | \Microsoft Edge |
| Allow importing of browsing history | \Microsoft Edge |
| Allow importing of favorites | \Microsoft Edge |
| Allow importing of home page settings | \Microsoft Edge |
| Allow importing of payment info | \Microsoft Edge |
| Allow importing of saved passwords | \Microsoft Edge |
| Allow importing of search engine settings | \Microsoft Edge |
| Allow managed extensions to use the Enterprise Hardware Platform API | \Microsoft Edge |
| Allow media autoplay for websites | \Microsoft Edge |
| Allow or block audio capture | \Microsoft Edge |
| Allow or block video capture | \Microsoft Edge |
| Allow queries to a Browser Network Time service | \Microsoft Edge |
| Allow QUIC protocol | \Microsoft Edge |
| Allow or block video capture | \Microsoft Edge |
| Allow queries to a Browser Network Time service | \Microsoft Edge |
| Allow QUIC protocol | \Microsoft Edge |
| Allow user feedback | \Microsoft Edge |
| Allow users to open files using the ClickOnce protocol | \Microsoft Edge |
| Allow users to open files using the DirectInvoke protocol | \Microsoft Edge |
| Allow users to proceed from the SSL warning page | \Microsoft Edge |
| Allow WebDriver to Override Incompatible Policies | \Microsoft Edge |
| Allows a page to show popups during its unloading | \Microsoft Edge |
| Allows users to edit favorites | \Microsoft Edge |
| Always open PDF files externally | \Microsoft Edge |
| Ask where to save downloaded files | \Microsoft Edge |
| Automatically import another browser’s data and settings at first run | \Microsoft Edge |
| Block access to a list of URLs | \Microsoft Edge |
| Block third party cookies | \Microsoft Edge |
| Block tracking of users‘ web-browsing activity | \Microsoft Edge |
| Browser sign-in settings | \Microsoft Edge |
| Clear browsing data when Microsoft Edge closes | \Microsoft Edge |
| Configure Do Not Track | \Microsoft Edge |
| Configure favorites | \Microsoft Edge |
| Configure InPrivate mode availability | \Microsoft Edge |
| Configure Internet Explorer integration | \Microsoft Edge |
| Configure Online Text To Speech | \Microsoft Edge |
| Configure tab lifecycles | \Microsoft Edge |
| Configure the Enterprise Mode Site List | \Microsoft Edge |
| Configure tracking prevention exceptions for specific sites | \Microsoft Edge |
| Continue running background apps after Microsoft Edge closes | \Microsoft Edge |
| Control communication with the Experimentation and Configuration Service | \Microsoft Edge |
| Control where developer tools can be used | \Microsoft Edge |
| Control where security restrictions on insecure origins apply | \Microsoft Edge |
| Define a list of allowed URLs | \Microsoft Edge |
| Disable Certificate Transparency enforcement for a list of legacy certificate authorities | \Microsoft Edge |
| Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes | \Microsoft Edge |
| Disable Certificate Transparency enforcement for specific URLs | \Microsoft Edge |
| Disable saving browser history | \Microsoft Edge |
| Disable support for 3D graphics APIs | \Microsoft Edge |
| Disable synchronization of data using Microsoft sync services | \Microsoft Edge |
| Disable taking screenshots | \Microsoft Edge |
| Enable a non-removable default sign-in profile | \Microsoft Edge |
| Enable AutoFill for addresses | \Microsoft Edge |
| Enable AutoFill for credit cards | \Microsoft Edge |
| Enable component updates in Microsoft Edge | \Microsoft Edge |
| Enable deleting browser and download history | \Microsoft Edge |
| Enable Domain Actions Download from Microsoft | \Microsoft Edge |
| Enable ending processes in the Browser task manager | \Microsoft Edge |
| Enable favorites bar | \Microsoft Edge |
| Enable full-tab promotional content | \Microsoft Edge |
| Enable guest mode | \Microsoft Edge |
| Enable network prediction | \Microsoft Edge |
| Enable online OCSP/CRL checks | \Microsoft Edge |
| Enable Proactive Authentication | \Microsoft Edge |
| Enable profile creation from the Identity flyout menu or the Settings page | \Microsoft Edge |
| Enable renderer code integrity | \Microsoft Edge |
| Enable resolution of navigation errors using a web service | \Microsoft Edge |
| Enable search suggestions | \Microsoft Edge |
| Enable security warnings for command-line flags | \Microsoft Edge |
| Enable Signed HTTP Exchange (SXG) support | \Microsoft Edge |
| Enable site isolation for every site | \Microsoft Edge |
| Enable site isolation for specific origins | \Microsoft Edge |
| Enable specific spellcheck languages | \Microsoft Edge |
| Enable spellcheck | \Microsoft Edge |
| Enable the Collections feature | \Microsoft Edge |
| Enable Translate | \Microsoft Edge |
| Enable usage and crash-related data reporting | \Microsoft Edge |
| Enable use of ephemeral profiles | \Microsoft Edge |
| Enforce Bing SafeSearch | \Microsoft Edge |
| Enforce Google SafeSearch | \Microsoft Edge |
| Extend Adobe Flash content setting to all content | \Microsoft Edge |
| Force disable spellcheck languages | \Microsoft Edge |
| Force minimum YouTube Restricted Mode | \Microsoft Edge |
| Force networking code to run in the browser process | \Microsoft Edge |
| Forces direct intranet site navigation instead of searching on single word entries in the Address Bar. | \Microsoft Edge |
| Manage Search Engines | \Microsoft Edge |
| Maximum number of concurrent connections to the proxy server | \Microsoft Edge |
| Minimum SSL version enabled | \Microsoft Edge |
| Notify a user that a browser restart is recommended or required for pending updates | \Microsoft Edge |
| Re-enable deprecated web platform features for a limited time | \Microsoft Edge |
| Restrict exposure of localhost IP address by WebRTC | \Microsoft Edge |
| Restrict the range of local UDP ports used by WebRTC | \Microsoft Edge |
| Restrict which accounts can be used as Microsoft Edge primary accounts | \Microsoft Edge |
| Send all intranet sites to Internet Explorer | \Microsoft Edge |
| Send site information to improve Microsoft services | \Microsoft Edge |
| Set application locale | \Microsoft Edge |
| Set disk cache directory | \Microsoft Edge |
| Set disk cache size, in bytes | \Microsoft Edge |
| Set download directory | \Microsoft Edge |
| Set Microsoft Edge as default browser | \Microsoft Edge |
| Set the time period for update notifications | \Microsoft Edge |
| Set the user data directory | \Microsoft Edge |
| Set WPAD optimization | \Microsoft Edge |
| Show Microsoft Office shortcut in favorites bar | \Microsoft Edge |
| Sites that can access audio capture devices without requesting permission | \Microsoft Edge |
| Sites that can access video capture devices without requesting permission | \Microsoft Edge |
| Specify if online OCSP/CRL checks are required for local trust anchors | \Microsoft Edge |
| Suppress the unsupported OS warning | \Microsoft Edge |
| Use built-in DNS client | \Microsoft Edge |
| Use hardware acceleration when available | \Microsoft Edge |
| Websites or domains that don’t need permission to use direct Security Key attestation | \Microsoft Edge |
| Allow download restrictions | \Microsoft Edge – Default Settings (users can override) |
| Allow importing of autofill form data | \Microsoft Edge – Default Settings (users can override) |
| Allow importing of browser settings | \Microsoft Edge – Default Settings (users can override) |
| Allow importing of browsing history | \Microsoft Edge – Default Settings (users can override) |
| Allow importing of favorites | \Microsoft Edge – Default Settings (users can override) |
| Allow importing of payment info | \Microsoft Edge – Default Settings (users can override) |
| Allow importing of saved passwords | \Microsoft Edge – Default Settings (users can override) |
| Allow importing of search engine settings | \Microsoft Edge – Default Settings (users can override) |
| Block third party cookies | \Microsoft Edge – Default Settings (users can override) |
| Clear browsing data when Microsoft Edge closes | \Microsoft Edge – Default Settings (users can override) |
| Continue running background apps after Microsoft Edge closes | \Microsoft Edge – Default Settings (users can override) |
| Disable synchronization of data using Microsoft sync services | \Microsoft Edge – Default Settings (users can override) |
| Enable AutoFill for addresses | \Microsoft Edge – Default Settings (users can override) |
| Enable AutoFill for credit cards | \Microsoft Edge – Default Settings (users can override) |
| Enable favorites bar | \Microsoft Edge – Default Settings (users can override) |
| Enable network prediction | \Microsoft Edge – Default Settings (users can override) |
| Enable resolution of navigation errors using a web service | \Microsoft Edge – Default Settings (users can override) |
| Enable search suggestions | \Microsoft Edge – Default Settings (users can override) |
| Enable Translate | \Microsoft Edge – Default Settings (users can override) |
| Set application locale | \Microsoft Edge – Default Settings (users can override) |
| Set download directory | \Microsoft Edge – Default Settings (users can override) |
| Register protocol handlers | \Microsoft Edge – Default Settings (users can override)\Content settings |
| Enable saving passwords to the password manager | \Microsoft Edge – Default Settings (users can override)\Password manager and protection |
| Print headers and footers | \Microsoft Edge – Default Settings (users can override)\Printing |
| Set the system default printer as the default printer | \Microsoft Edge – Default Settings (users can override)\Printing |
| Configure Microsoft Defender SmartScreen | \Microsoft Edge – Default Settings (users can override)\SmartScreen settings |
| Configure Microsoft Defender SmartScreen for trusted downloads | \Microsoft Edge – Default Settings (users can override)\SmartScreen settings |
| Action to take on startup | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
| Configure the home page URL | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
| Configure the new tab page URL | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
| Set the new tab page as the home page | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
| Show Home button on toolbar | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
| Sites to open when the browser starts | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
| Allow installation default | \Microsoft Edge Update\Microsoft Edge Update\Applications |
| Allow Microsoft Edge Side by Side browser experience | \Microsoft Edge Update\Microsoft Edge Update\Applications |
| Update policy override default | \Microsoft Edge Update\Microsoft Edge Update\Applications |
| Allow installation | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge |
| Update policy override | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge |
| Allow installation | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Beta |
| Update policy override | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Beta |
| Allow installation | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Canary |
| Update policy override | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Canary |
| Allow installation | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Dev |
| Update policy override | \Microsoft Edge Update\Microsoft Edge Update\Applications\Microsoft Edge Dev |
| Auto-update check period override | \Microsoft Edge Update\Microsoft Edge Update\Preferences |
| Time period in each day to suppress auto-update check | \Microsoft Edge Update\Microsoft Edge Update\Preferences |
| Address or URL of proxy server | \Microsoft Edge Update\Microsoft Edge Update\Proxy Server |
| Choose how to specify proxy server settings | \Microsoft Edge Update\Microsoft Edge Update\Proxy Server |
| URL to a proxy .pac file | \Microsoft Edge Update\Microsoft Edge Update\Proxy Server |
| Enable Google Cast | \Microsoft Edge\Cast |
| Show the cast icon in the toolbar | \Microsoft Edge\Cast |
| Allow cookies on specific sites | \Microsoft Edge\Content settings |
| Allow images on these sites | \Microsoft Edge\Content settings |
| Allow JavaScript on specific sites | \Microsoft Edge\Content settings |
| Allow notifications on specific sites | \Microsoft Edge\Content settings |
| Allow pop-up windows on specific sites | \Microsoft Edge\Content settings |
| Allow pop-up windows on specific sites | \Microsoft Edge\Content settings |
| Allow the Adobe Flash plug-in on specific sites | \Microsoft Edge\Content settings |
| Allow WebUSB on specific sites | \Microsoft Edge\Content settings |
| Automatically select client certificates for these sites | \Microsoft Edge\Content settings |
| Block cookies on specific sites | \Microsoft Edge\Content settings |
| Block images on specific sites | \Microsoft Edge\Content settings |
| Block JavaScript on specific sites | \Microsoft Edge\Content settings |
| Block notifications on specific sites | \Microsoft Edge\Content settings |
| Block pop-up windows on specific sites | \Microsoft Edge\Content settings |
| Block the Adobe Flash plug-in on specific sites | \Microsoft Edge\Content settings |
| Block WebUSB on specific sites | \Microsoft Edge\Content settings |
| Configure cookies | \Microsoft Edge\Content settings |
| Control use of the Web Bluetooth API | \Microsoft Edge\Content settings |
| Control use of the WebUSB API | \Microsoft Edge\Content settings |
| Default Adobe Flash setting | \Microsoft Edge\Content settings |
| Default geolocation setting | \Microsoft Edge\Content settings |
| Default images setting | \Microsoft Edge\Content settings |
| Default JavaScript setting | \Microsoft Edge\Content settings |
| Default notification setting | \Microsoft Edge\Content settings |
| Default pop-up window setting | \Microsoft Edge\Content settings |
| Grant access to specific sites to connect to specific USB devices | \Microsoft Edge\Content settings |
| Limit cookies from specific websites to the current session | \Microsoft Edge\Content settings |
| Default search provider encodings | \Microsoft Edge\Default search provider |
| Default search provider keyword | \Microsoft Edge\Default search provider |
| Default search provider name | \Microsoft Edge\Default search provider |
| Default search provider search URL | \Microsoft Edge\Default search provider |
| Default search provider URL for suggestions | \Microsoft Edge\Default search provider |
| Enable the default search provider | \Microsoft Edge\Default search provider |
| Parameters for an image URL that uses POST | \Microsoft Edge\Default search provider |
| Specifies the search-by-image feature for the default search provider | \Microsoft Edge\Default search provider |
| Allow specific extensions to be installed | \Microsoft Edge\Extensions |
| Configure allowed extension types | \Microsoft Edge\Extensions |
| Configure extension and user script install sources | \Microsoft Edge\Extensions |
| Configure extension management settings | \Microsoft Edge\Extensions |
| Control which extensions are installed silently | \Microsoft Edge\Extensions |
| Control which extensions cannot be installed | \Microsoft Edge\Extensions |
| Allow cross-origin HTTP Basic Auth prompts | \Microsoft Edge\HTTP authentication |
| Configure list of allowed authentication servers | \Microsoft Edge\HTTP authentication |
| Disable CNAME lookup when negotiating Kerberos authentication | \Microsoft Edge\HTTP authentication |
| Include non-standard port in Kerberos SPN | \Microsoft Edge\HTTP authentication |
| Specifies a list of servers that Microsoft Edge can delegate user credentials to | \Microsoft Edge\HTTP authentication |
| Supported authentication schemes | \Microsoft Edge\HTTP authentication |
| Allow user-level native messaging hosts (installed without admin permissions) | \Microsoft Edge\Native Messaging |
| Configure native messaging block list | \Microsoft Edge\Native Messaging |
| Control which native messaging hosts users can use | \Microsoft Edge\Native Messaging |
| Configure password protection warning trigger | \Microsoft Edge\Password manager and protection |
| Configure the change password URL | \Microsoft Edge\Password manager and protection |
| Configure the list of enterprise login URLs where password protection service should capture fingerprint of password | \Microsoft Edge\Password manager and protection |
| Enable saving passwords to the password manager | \Microsoft Edge\Password manager and protection |
| Default printer selection rules | \Microsoft Edge\Printing |
| Enable printing | \Microsoft Edge\Printing |
| Print headers and footers | \Microsoft Edge\Printing |
| Print using system print dialog | \Microsoft Edge\Printing |
| Set the system default printer as the default printer | \Microsoft Edge\Printing |
| Configure address or URL of proxy server | \Microsoft Edge\Proxy server |
| Configure proxy bypass rules | \Microsoft Edge\Proxy server |
| Configure proxy server settings | \Microsoft Edge\Proxy server |
| Proxy settings | \Microsoft Edge\Proxy server |
| Set the proxy .pac file URL | \Microsoft Edge\Proxy server |
| Configure Microsoft Defender SmartScreen | \Microsoft Edge\SmartScreen settings |
| Configure Microsoft Defender SmartScreen for trusted downloads | \Microsoft Edge\SmartScreen settings |
| Configure the list of domains for which SmartScreen won’t trigger warnings | \Microsoft Edge\SmartScreen settings |
| Prevent bypassing Microsoft Defender SmartScreen prompts for sites | \Microsoft Edge\SmartScreen settings |
| Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | \Microsoft Edge\SmartScreen settings |
| Action to take on startup | \Microsoft Edge\Startup, home page and new tab page |
| Configure the home page URL | \Microsoft Edge\Startup, home page and new tab page |
| Configure the new tab page URL | \Microsoft Edge\Startup, home page and new tab page |
| Hide the default top sites from the new tab page | \Microsoft Edge\Startup, home page and new tab page |
| Set the new tab page as the home page | \Microsoft Edge\Startup, home page and new tab page |
| Show Home button on toolbar | \Microsoft Edge\Startup, home page and new tab page |
| Sites to open when the browser starts | \Microsoft Edge\Startup, home page and new tab page |
Error Reporting
| Setting Name | Path |
|---|---|
| Disable Windows Error Reporting | \Windows Components\Windows Error Reporting |
| Display Error Notification | \Windows Components\Windows Error Reporting |
| Do not send additional data | \Windows Components\Windows Error Reporting |
| Prevent display of the user interface for critical errors | \Windows Components\Windows Error Reporting |
| Customize consent settings | \Windows Components\Windows Error Reporting\Consent |
Internet Explorer
| Setting Name | Path |
|---|---|
| Add a specific list of search providers to the user’s list of search providers | \Windows Components\Internet Explorer |
| Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar | \Windows Components\Internet Explorer |
| Disable changing secondary home page settings | \Windows Components\Internet Explorer |
| Disable Periodic Check for Internet Explorer software updates | \Windows Components\Internet Explorer |
| Let users turn on and use Enterprise Mode from the Tools menu | \Windows Components\Internet Explorer |
| Prevent bypassing SmartScreen Filter warnings | \Windows Components\Internet Explorer |
| Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | \Windows Components\Internet Explorer |
| Prevent changing proxy settings | \Windows Components\Internet Explorer |
| Prevent changing the default search provider | \Windows Components\Internet Explorer |
| Prevent managing SmartScreen Filter | \Windows Components\Internet Explorer |
| Prevent participation in the Customer Experience Improvement Program | \Windows Components\Internet Explorer |
| Prevent per-user installation of ActiveX controls | \Windows Components\Internet Explorer |
| Prevent running First Run wizard | \Windows Components\Internet Explorer |
| Restrict search providers to a specific list | \Windows Components\Internet Explorer |
| Security Zones: Do not allow users to add/delete sites | \Windows Components\Internet Explorer |
| Security Zones: Do not allow users to change policies | \Windows Components\Internet Explorer |
| Security Zones: Use only machine settings | \Windows Components\Internet Explorer |
| Specify default behavior for a new tab | \Windows Components\Internet Explorer |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | \Windows Components\Internet Explorer |
| Turn off browser geolocation | \Windows Components\Internet Explorer |
| Turn off Crash Detection | \Windows Components\Internet Explorer |
| Turn off the auto-complete feature for web addresses | \Windows Components\Internet Explorer |
| Turn off the Security Settings Check feature | \Windows Components\Internet Explorer |
| Turn on ActiveX Filtering | \Windows Components\Internet Explorer |
| Turn on Suggested Sites | \Windows Components\Internet Explorer |
| Use the Enterprise Mode IE website list | \Windows Components\Internet Explorer |
| Turn off Compatibility View | \Windows Components\Internet Explorer\Compatibility View |
| Turn on Internet Explorer Standards Mode for local intranet | \Windows Components\Internet Explorer\Compatibility View |
| Use Policy List of Internet Explorer 7 sites | \Windows Components\Internet Explorer\Compatibility View |
| Allow deleting browsing history on exit | \Windows Components\Internet Explorer\Delete Browsing History |
| Disable „Configuring History“ | \Windows Components\Internet Explorer\Delete Browsing History |
| Prevent deleting websites that the user has visited | \Windows Components\Internet Explorer\Delete Browsing History |
| Prevent ignoring certificate errors | \Windows Components\Internet Explorer\Internet Control Panel |
| Allow software to run or install even if the signature is invalid | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Check for server certificate revocation | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Check for signatures on downloaded programs | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Turn off encryption support | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Turn off the flip ahead with page prediction feature | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Turn on Enhanced Protected Mode | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
| Internet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Intranet Sites: Include all local (intranet) sites not listed in other zones | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Intranet Sites: Include all network paths (UNCs) | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Intranet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Local Machine Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Locked-Down Internet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Locked-Down Intranet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Locked-Down Local Machine Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Locked-Down Restricted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Locked-Down Trusted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Restricted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Site to Zone Assignment List | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Trusted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Turn on certificate address mismatch warning | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow cut, copy or paste operations from the clipboard via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow drag and drop or copy and paste files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow loading of XAML files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow only approved domains to use ActiveX controls without prompt | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow only approved domains to use the TDC ActiveX control | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow script-initiated windows without size or position constraints | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow scripting of Internet Explorer WebBrowser controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow script-initiated windows without size or position constraints | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow scripting of Internet Explorer WebBrowser controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow updates to status bar via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Allow VBScript to run in Internet Explorer | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Download signed ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Download unsigned ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Enable dragging of content from different domains across windows | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Enable dragging of content from different domains within a window | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Enable MIME Sniffing | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Include local path when user is uploading files to a server | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Launching applications and files in an IFRAME | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Logon options | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Run .NET Framework-reliant components signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Show security warning for potentially unsafe files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Turn on Cross-Site Scripting Filter | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Turn on Protected Mode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Use Pop-up Blocker | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow active scripting | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow binary and script behaviors | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow cut, copy or paste operations from the clipboard via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow drag and drop or copy and paste files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow loading of XAML files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow META REFRESH | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow only approved domains to use ActiveX controls without prompt | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow only approved domains to use the TDC ActiveX control | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow script-initiated windows without size or position constraints | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow scripting of Internet Explorer WebBrowser controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow script-initiated windows without size or position constraints | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow scripting of Internet Explorer WebBrowser controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow updates to status bar via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Allow VBScript to run in Internet Explorer | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Download signed ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Download unsigned ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Enable dragging of content from different domains across windows | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Enable dragging of content from different domains within a window | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Enable MIME Sniffing | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Include local path when user is uploading files to a server | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Launching applications and files in an IFRAME | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Logon options | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Run .NET Framework-reliant components signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Run ActiveX controls and plugins | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Script ActiveX controls marked safe for scripting | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Scripting of Java applets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Show security warning for potentially unsafe files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Turn on Cross-Site Scripting Filter | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Turn on Protected Mode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Use Pop-up Blocker | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
| Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
| Go to an intranet site for a one-word entry in the Address bar | \Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing |
| Turn off InPrivate Browsing | \Windows Components\Internet Explorer\Privacy |
| Allow fallback to SSL 3.0 (Internet Explorer) | \Windows Components\Internet Explorer\Security Features |
| Add-on List | \Windows Components\Internet Explorer\Security Features\Add-on Management |
| Remove „Run this time“ button for outdated ActiveX controls in Internet Explorer | \Windows Components\Internet Explorer\Security Features\Add-on Management |
| Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects | \Windows Components\Internet Explorer\Security Features\Add-on Management |
| Turn off automatic download of the ActiveX VersionList | \Windows Components\Internet Explorer\Security Features\Add-on Management |
| Turn off blocking of outdated ActiveX controls for Internet Explorer | \Windows Components\Internet Explorer\Security Features\Add-on Management |
| Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains | \Windows Components\Internet Explorer\Security Features\Add-on Management |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Consistent Mime Handling |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Notification bar |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Restrict File Download |
| Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions |
Network
| Setting Name | Path |
|---|---|
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | \MSS (Legacy) |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | \MSS (Legacy) |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | \MSS (Legacy) |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | \MSS (Legacy) |
| Prohibit installation and configuration of Network Bridge on your DNS domain network | \Network\Network Connections |
| Hardened UNC Paths | \Network\Network Provider |
| Prohibit connection to non-domain networks when connected to domain authenticated network | \Network\Windows Connection Manager |
| Set 3G Cost | \Network\WWAN Service\WWAN Media Cost |
| Set 4G Cost | \Network\WWAN Service\WWAN Media Cost |
| Set Per-App Cellular Access UI Visibility | \Network\WWAN Service\WWAN UI Settings |
Office
| Setting Name | Path |
|---|---|
| Enable EDU Org ID Sign In in Office from Windows Store | \Microsoft Office 2016 (Machine)\Licensing Settings |
| Specify the location to save the licensing token used by shared computer activation | \Microsoft Office 2016 (Machine)\Licensing Settings |
| Use shared computer activation | \Microsoft Office 2016 (Machine)\Licensing Settings |
| Age out documents older than n days | \Microsoft Office 2016 (Machine)\Miscellaneous |
| Age out the locally cached copies of server document versions that are more than n days old. | \Microsoft Office 2016 (Machine)\Miscellaneous |
| File Previewing | \Microsoft Office 2016 (Machine)\Miscellaneous |
| Open Directly in Office Client Application | \Microsoft Office 2016 (Machine)\Miscellaneous |
| Prevent document inspectors from running | \Microsoft Office 2016 (Machine)\Miscellaneous |
| Set the max size of the Office Document Cache | \Microsoft Office 2016 (Machine)\Miscellaneous |
| Disable Package Repair | \Microsoft Office 2016 (Machine)\Security Settings |
| Disable Password Caching | \Microsoft Office 2016 (Machine)\Security Settings |
| Disable VBA for Office applications | \Microsoft Office 2016 (Machine)\Security Settings |
| Graphics filter import | \Microsoft Office 2016 (Machine)\Security Settings |
| Add-on Management | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Bind to object | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Block popups | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Consistent Mime Handling | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Disable user name and password | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Information Bar | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Local Machine Zone Lockdown Security | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Mime Sniffing Safety Feature | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Navigate URL | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Object Caching Protection | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Protection From Zone Elevation | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Restrict ActiveX Install | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Restrict File Download | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Saved from URL | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Scripted Window Security Restrictions | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
| Enable Automatic Updates | \Microsoft Office 2016 (Machine)\Updates |
| Hide option to enable or disable updates | \Microsoft Office 2016 (Machine)\Updates |
| Hide Update Notifications | \Microsoft Office 2016 (Machine)\Updates |
| Office 365 Client Management | \Microsoft Office 2016 (Machine)\Updates |
| Online Repair | \Microsoft Office 2016 (Machine)\Updates |
| Prevent Office from being updated to a specific version | \Microsoft Office 2016 (Machine)\Updates |
| Prioritize BITS | \Microsoft Office 2016 (Machine)\Updates |
| Target Version | \Microsoft Office 2016 (Machine)\Updates |
| Update Channel | \Microsoft Office 2016 (Machine)\Updates |
| Update Deadline | \Microsoft Office 2016 (Machine)\Updates |
| Update Path | \Microsoft Office 2016 (Machine)\Updates |
| Upgrade Office 2019 to Office 365 ProPlus | \Microsoft Office 2016 (Machine)\Updates |
| Prevent Token Activation dialog from closing | \Microsoft Office 2016 (Machine)\Volume Activation |
| Use only Token Activation | \Microsoft Office 2016 (Machine)\Volume Activation |
| Turn on an external converter as the default for a file extension | \Microsoft PowerPoint 2016 (Machine)\Converters |
| Additional server versions supported | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Allow storage of user passwords | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Configure SIP compression mode | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Configure SIP security mode | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Disable automatic upload of sign-in failure logs | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Disable HTTP fallback for SIP connection | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Disable server version check | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Enable using BITS to download Address Book Service files | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Global Address Book Download Initial Delay | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Prevent users from running Microsoft Lync | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Require logon credentials | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Specify server | \Skype for Business 2016\Microsoft Lync Feature Policies |
| Trusted Domain List | \Skype for Business 2016\Microsoft Lync Feature Policies |
OneDrive
| Setting Name | Path |
|---|---|
| Allow syncing OneDrive accounts for only specific organizations | \OneDrive |
| Block syncing OneDrive accounts for specific organizations | \OneDrive |
| Configure team site libraries to sync automatically | \OneDrive |
| Convert synced team site files to online-only files | \OneDrive |
| Limit the sync client upload rate to a percentage of throughput | \OneDrive |
| Prevent the sync client from generating network traffic until users sign in | \OneDrive |
| Prevent users from fetching files remotely | \OneDrive |
| Prevent users from moving their Windows known folders to OneDrive | \OneDrive |
| Prevent users from redirecting their Windows known folders to their PC | \OneDrive |
| Prevent users from syncing libraries and folders shared from other organizations | \OneDrive |
| Prompt users to move Windows known folders to OneDrive | \OneDrive |
| Require users to confirm large delete operations | \OneDrive |
| Set the maximum size of a user’s OneDrive that can download automatically | \OneDrive |
| Set the sync client update ring | \OneDrive |
| Silently move Windows known folders to OneDrive | \OneDrive |
| Silently sign in users to the OneDrive sync client with their Windows credentials | \OneDrive |
| Specify SharePoint Server URL and organization name | \OneDrive |
| Specify the OneDrive location in a hybrid environment | \OneDrive |
| Use OneDrive Files On-Demand | \OneDrive |
Power Management
| Setting Name | Path |
|---|---|
| Allow standby states (S1-S3) when sleeping (on battery) | \System\Power Management\Sleep Settings |
| Allow standby states (S1-S3) when sleeping (plugged in) | \System\Power Management\Sleep Settings |
| Require a password when a computer wakes (on battery) | \System\Power Management\Sleep Settings |
| Require a password when a computer wakes (plugged in) | \System\Power Management\Sleep Settings |
| Specify the system hibernate timeout (on battery) | \System\Power Management\Sleep Settings |
| Specify the system hibernate timeout (plugged in) | \System\Power Management\Sleep Settings |
| Specify the system sleep timeout (on battery) | \System\Power Management\Sleep Settings |
| Specify the system sleep timeout (plugged in) | \System\Power Management\Sleep Settings |
| Turn off the display (on battery) | \System\Power Management\Video and Display Settings |
| Turn off the display (plugged in) | \System\Power Management\Video and Display Settings |
Remote Desktop Service
| Setting Name | Path |
|---|---|
| Do not allow passwords to be saved | \Windows Components\Remote Desktop Services\Remote Desktop Connection Client |
| Allow users to connect remotely by using Remote Desktop Services | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections |
| Do not allow drive redirection | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection |
| Always prompt for password upon connection | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security |
| Require secure RPC communication | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security |
| Set client connection encryption level | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security |
Remote Assistance
| Setting Name | Path |
|---|---|
| Configure Offer Remote Assistance | \System\Remote Assistance |
| Configure Solicited Remote Assistance | \System\Remote Assistance |
| Customize warning messages | \System\Remote Assistance |
| Turn on session logging | \System\Remote Assistance |
Remote Management
| Setting Name | Path |
|---|---|
| Allow Basic authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
| Allow CredSSP authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
| Allow unencrypted traffic | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
| Disallow Digest authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
| Disallow Negotiate authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
| Trusted Hosts | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
| Allow Basic authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Allow CredSSP authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Allow remote server management through WinRM | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Allow remote server management through WinRM | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Allow unencrypted traffic | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Disallow Negotiate authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Disallow WinRM from storing RunAs credentials | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Specify channel binding token hardening level | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Turn On Compatibility HTTP Listener | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Turn On Compatibility HTTPS Listener | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
| Allow Remote Shell Access | \Windows Components\Windows Remote Shell |
| Allow Remote Shell Access | \Windows Components\Windows Remote Shell |
| MaxConcurrentUsers | \Windows Components\Windows Remote Shell |
| Specify idle Timeout | \Windows Components\Windows Remote Shell |
| Specify maximum amount of memory in MB per Shell | \Windows Components\Windows Remote Shell |
| Specify maximum number of processes per Shell | \Windows Components\Windows Remote Shell |
| Specify maximum number of remote shells per user | \Windows Components\Windows Remote Shell |
| Specify Shell Timeout | \Windows Components\Windows Remote Shell |
RSS
| Setting Name | Path |
|---|---|
| Prevent downloading of enclosures | \Windows Components\RSS Feeds |
| Turn off background synchronization for feeds and Web Slices | \Windows Components\RSS Feeds |
Security
| Setting Name | Path |
|---|---|
| Prevent enabling lock screen camera | \Control Panel\Personalization |
| Prevent enabling lock screen slide show | \Control Panel\Personalization |
| Apply UAC restrictions to local accounts on network logons | \MS Security Guide |
| Configure SMB v1 client driver | \MS Security Guide |
| Configure SMB v1 server | \MS Security Guide |
| Enable Structured Exception Handling Overwrite Protection (SEHOP) | \MS Security Guide |
| Turn on Windows Defender protection against Potentially Unwanted Applications (DEPRECATED) | \MS Security Guide |
| WDigest Authentication (disabling may require KB2871997) | \MS Security Guide |
| Allow printers to be published | \Printers |
| Allow printers to be published | \Printers |
| Point and Print Restrictions | \Printers |
| Remote host allows delegation of non-exportable credentials | \System\Credentials Delegation |
| Prevent device metadata retrieval from the Internet | \System\Device Installation |
| Allow installation of devices that match any of these device IDs | \System\Device Installation\Device Installation Restrictions |
| Allow installation of devices using drivers that match these device setup classes | \System\Device Installation\Device Installation Restrictions |
| Prevent installation of devices not described by other policy settings | \System\Device Installation\Device Installation Restrictions |
| Prevent installation of devices that match any of these device IDs | \System\Device Installation\Device Installation Restrictions |
| Prevent installation of devices using drivers that match these device setup classes | \System\Device Installation\Device Installation Restrictions |
| Boot-Start Driver Initialization Policy | \System\Early Launch Antimalware |
| Do not allow Windows to activate Enhanced Storage devices | \System\Enhanced Storage Access |
| Turn off downloading of print drivers over HTTP | \System\Internet Communication Management\Internet Communication settings |
| Turn off Internet download for Web publishing and online ordering wizards | \System\Internet Communication Management\Internet Communication settings |
| Turn off printing over HTTP | \System\Internet Communication Management\Internet Communication settings |
| Fail authentication requests when Kerberos armoring is not available | \System\Kerberos |
| Kerberos client support for claims, compound authentication and Kerberos armoring | \System\Kerberos |
| Require strict KDC validation | \System\Kerberos |
| Set maximum Kerberos SSPI context token buffer size | \System\Kerberos |
| Use forest search order | \System\Kerberos |
| Do not display network selection UI | \System\Logon |
| Enumerate local users on domain-joined computers | \System\Logon |
| Turn off app notifications on the lock screen | \System\Logon |
| Turn off picture password sign-in | \System\Logon |
| Turn on convenience PIN sign-in | \System\Logon |
| Enable RPC Endpoint Mapper Client Authentication | \System\Remote Procedure Call |
| Restrict Unauthenticated RPC clients | \System\Remote Procedure Call |
| Enable svchost.exe mitigation options | \System\Service Control Manager Settings\Security Settings |
| Turn off System Restore | \System\System Restore |
| Approved Installation Sites for ActiveX Controls | \Windows Components\ActiveX Installer Service |
| Allow Microsoft accounts to be optional | \Windows Components\App runtime |
| Disallow Autoplay for non-volume devices | \Windows Components\AutoPlay Policies |
| Set the default behavior for AutoRun | \Windows Components\AutoPlay Policies |
| Turn off Autoplay | \Windows Components\AutoPlay Policies |
| Do not display the password reveal button | \Windows Components\Credential User Interface |
| Enumerate administrator accounts on elevation | \Windows Components\Credential User Interface |
| Control Event Log behavior when the log file reaches its maximum size | \Windows Components\Event Log Service\Application |
| Specify the maximum log file size (KB) | \Windows Components\Event Log Service\Application |
| Specify the maximum log file size (KB) | \Windows Components\Event Log Service\Security |
| Specify the maximum log file size (KB) | \Windows Components\Event Log Service\System |
| Turn off Data Execution Prevention for Explorer | \Windows Components\File Explorer |
| Turn off heap termination on corruption | \Windows Components\File Explorer |
| Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot | \Windows Components\Windows Logon Options |
| Sign-in and lock last interactive user automatically after a restart | \Windows Components\Windows Logon Options |
| Turn on PowerShell Script Block Logging | \Windows Components\Windows PowerShell |
Zweimal versuchen Sie, darüber nachzudenken, so zu gut tat und eine Chance hat und
es hat geklappt. Vielen Dank für den Hinweis, vereinfachte ich diesen Job.
Artikel ein Wort ist einfach toll. Empfehlen Sie versuchen, werden Sie
nicht bereuen.