Author: admin
Prevent AutoPlay from remembering user choices.
This policy setting allows you to prevent AutoPlay from remembering the user’s choice of what to do when a device is connected. If you enable this policy setting, AutoPlay prompts the user to choose what to do when a device is connected. If you disable or do not configure this policy setting, AutoPlay remembers the user’s choice of what to do when a device is connected.
Set the default behavior for AutoRun
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention. This creates a major security concern, as code may be executed without the user’s knowledge. The default behavior starting with Windows Vista is to prompt the user whether the autorun command is to be run. The autorun command is represented as a handler in the AutoPlay dialog. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) completely disable autorun commands, or b) revert to the pre-Windows Vista behavior of automatically executing the autorun command. If you disable or do not configure this policy setting, Windows Vista or later will prompt the user whether the autorun command is to be run.
Include command line in process creation events
This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, “a new process has been created”, on the workstations and servers on which this policy setting is applied. If you disable or do not configure this policy setting, the process’s command line information will not be included in Audit Process Creation events.
Default: Not configured
Note: When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.
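The note above is the operational cost of this setting: secrets passed as arguments end up readable in event 4688. The following added example (not part of the original policy text) audits process-creation records for secret-like arguments and masks them before the data is forwarded; the sample events and the list of option names are constructed assumptions.

```python
import re

# Constructed sample records using event 4688 field names
# (SubjectUserName, NewProcessName, CommandLine); not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4688, "SubjectUserName": "svc_backup",
     "NewProcessName": r"C:\Tools\backup.exe",
     "CommandLine": r"backup.exe --target \\fs01\share --password=Example123!"},
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt"},
    {"EventID": 4688, "SubjectUserName": "bob",
     "NewProcessName": r"C:\Tools\dbtool.exe",
     "CommandLine": r"dbtool.exe /server:db01 /pwd:Example456 /export"},
    {"EventID": 4624, "SubjectUserName": "carol", "CommandLine": "-password x"},
]

# Option names that commonly carry a secret as their value (assumed list).
SECRET_ARG = re.compile(
    r"(?i)(?P<flag>(?:--?|/)(?:password|passwd|pwd|secret|token|apikey))"
    r"(?P<sep>[=:]|\s+)(?P<value>\"[^\"]*\"|\S+)"
)

def redact(command_line):
    """Return (redacted_command_line, number_of_secrets_masked)."""
    return SECRET_ARG.subn(
        lambda m: m["flag"] + m["sep"] + "<redacted>", command_line)

def audit_4688(events):
    """List 4688 events whose command line exposes a secret-like argument."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4688:
            continue  # only process-creation events carry the command line
        cleaned, hits = redact(ev.get("CommandLine", ""))
        if hits:
            findings.append({"user": ev["SubjectUserName"],
                             "image": ev["NewProcessName"],
                             "command_line": cleaned, "secrets": hits})
    return findings

if __name__ == "__main__":
    for finding in audit_4688(SAMPLE_EVENTS):
        print(finding)
```

Each finding names an account and program that should be changed to take its secret from somewhere other than the command line.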
Inclusion list for moderate risk file types
This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. This inclusion list overrides the list of potentially high-risk file types built into Windows, and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an extension is listed in more than one inclusion list). If you enable this policy setting, you can specify file types which pose a moderate risk. If you disable this policy setting, Windows uses its default trust logic. If you do not configure this policy setting, Windows uses its default trust logic.
Inclusion list for low file types
This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file’s zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list). If you enable this policy setting, you can specify file types that pose a low risk. If you disable this policy setting, Windows uses its default trust logic. If you do not configure this policy setting, Windows uses its default trust logic.
Inclusion list for high risk file types
This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list). If you enable this policy setting, you can create a custom list of high-risk file types. If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk. If you do not configure this policy setting, Windows uses its built-in list of high-risk file types.
Default risk level for file attachments
This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments, you may also need to configure the trust logic for file attachments. High Risk: If the attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. Low Risk: If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file’s zone information. If you enable this policy setting, you can specify the default risk level for file types. If you disable this policy setting, Windows sets the default risk level to moderate. If you do not configure this policy setting, Windows sets the default risk level to moderate.
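The three inclusion lists and the default risk level combine into one decision, and an extension placed in two lists silently takes the higher level. The following added example (not Windows' own implementation) models only the rules stated in these descriptions and reports conflicting entries; the sample lists are constructed, the built-in Windows lists are not modeled, and zones the descriptions do not mention are assumed to open without a prompt.

```python
from enum import Enum

class Risk(Enum):
    HIGH = "high"
    MODERATE = "moderate"
    LOW = "low"

# Constructed sample policy: ".js" is deliberately in two lists.
SAMPLE_HIGH = [".exe", ".js"]
SAMPLE_MODERATE = [".docm"]
SAMPLE_LOW = [".txt", ".js"]

def _norm(items):
    return {e.lower() for e in items}

def classify(ext, high=(), moderate=(), low=(), default=Risk.MODERATE):
    """Resolve an extension's risk level using the stated list precedence."""
    ext = ext.lower()
    if ext in _norm(high):        # high-risk list wins over both others
        return Risk.HIGH
    if ext in _norm(moderate):    # moderate-risk list wins over low
        return Risk.MODERATE
    if ext in _norm(low):
        return Risk.LOW
    return default                # "Default risk level for file attachments"

def action(risk, zone):
    """Map (risk, zone) to block / prompt / open as the descriptions state."""
    if risk is Risk.HIGH:
        if zone == "restricted":
            return "block"
        if zone == "internet":
            return "prompt"
    elif risk is Risk.MODERATE and zone in ("restricted", "internet"):
        return "prompt"
    # Low risk never prompts. Other zone combinations are not described
    # on the page; "open" for them is an assumption of this example.
    return "open"

def decide(ext, zone, high=(), moderate=(), low=(), default=Risk.MODERATE):
    return action(classify(ext, high, moderate, low, default), zone)

def conflicts(high=(), moderate=(), low=()):
    """Extensions present in more than one list, with the level that wins."""
    lists = [_norm(high), _norm(moderate), _norm(low)]
    seen = set().union(*lists)
    return {e: classify(e, high, moderate, low)
            for e in sorted(seen) if sum(e in l for l in lists) > 1}
```

Running `conflicts` over an exported policy shows which low-risk entries have no effect because a higher-precedence list also names them.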
Hide mechanisms to remove zone information
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file’s property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening. If you enable this policy setting, Windows hides the check box and Unblock button. If you disable this policy setting, Windows shows the check box and Unblock button. If you do not configure this policy setting, Windows hides the check box and Unblock button.