Do not preserve zone information in file attachments

This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. If you enable this policy setting, Windows does not mark file attachments with their zone information. If you disable this policy setting, Windows marks file attachments with their zone information. If you do not configure this policy setting, Windows marks file attachments with their zone information.
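A defender-side check for this setting, added here as an example and not part of the original policy text: it reports the policy state, the file system of the volume, and the zone mark on each file in a folder. The registry value name SaveZoneInformation, the Zone.Identifier stream name, the zone numbering, and the default Downloads path are assumptions brought in from outside this page; the path is assumed to be on a local drive letter.

```powershell
# Added example: audit whether zone information is being preserved for a folder.
param([string]$Path = "$env:USERPROFILE\Downloads")

# Assumed zone numbering used in the Zone.Identifier stream (ZoneId=N).
$zoneNames = @{
    0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';      4 = 'Restricted sites'
}

# 1. Policy state. Assumed values: 1 = policy enabled (zone info NOT preserved),
#    2 = policy disabled (zone info preserved), absent = not configured.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$val = (Get-ItemProperty -Path $key -Name SaveZoneInformation `
        -ErrorAction SilentlyContinue).SaveZoneInformation
$policy = switch ($val) {
    1       { 'ENABLED: attachments are not marked with zone information' }
    2       { 'Disabled: attachments are marked with zone information' }
    default { 'Not configured: attachments are marked with zone information' }
}
Write-Output "Policy : $policy"

# 2. File system. Marking depends on NTFS and fails without notice on FAT32,
#    so an unmarked file on a non-NTFS volume tells you nothing about its origin.
$drive = (Get-Item -LiteralPath $Path).PSDrive.Name
$fs    = (Get-Volume -DriveLetter $drive).FileSystem
Write-Output "Volume : ${drive}: is $fs"
if ($fs -ne 'NTFS') {
    Write-Warning "Zone information cannot be relied on for files under $Path"
}

# 3. Per-file zone mark, read from the Zone.Identifier alternate data stream.
Get-ChildItem -LiteralPath $Path -File | ForEach-Object {
    $ads = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
           -ErrorAction SilentlyContinue
    $m = [regex]::Match(($ads -join "`n"), '(?m)^ZoneId=(\d+)')
    if ($m.Success) {
        $id   = [int]$m.Groups[1].Value
        $zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { 'Unknown' }
    } else {
        $id   = $null
        $zone = 'No zone mark'
    }
    [pscustomobject]@{ File = $_.Name; ZoneId = $id; Zone = $zone }
} | Sort-Object Zone, File | Format-Table -AutoSize
```

Recently downloaded files that show "No zone mark" while the policy reports enabled, or while the volume is not NTFS, are the cases where Windows has no origin data to base a risk assessment on.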

Trust logic for file attachments

This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments. Preferring the file handler instructs Windows to use the file handler data over the file type data. For example, trust notepad.exe, but don't trust .txt files. Preferring the file type instructs Windows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler. Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation, which will cause users to see more trust prompts than choosing the other options. If you enable this policy setting, you can choose the order in which Windows processes risk assessment data. If you disable this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type. If you do not configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.

Notify antivirus programs when opening attachments

This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.

Turn on dynamic Content URI Rules for Windows Store apps

This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer. If you enable this policy setting, you can define additional Content URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use. If you disable or don't set this policy setting, Windows Store apps will only use the static Content URI Rules.

Allow Microsoft accounts to be optional

This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it. If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead. If you disable or do not configure this policy setting, users will need to sign in with a Microsoft account.

Block launching desktop apps associated with a URI scheme

This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app. If you enable this policy setting, Windows Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. If you disable or do not configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.

Block launching desktop apps associated with a file.

This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type. If you enable this policy setting, Windows Store apps cannot open files in the default desktop app for a file type; they can open files only in other Windows Store apps. If you disable or do not configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
