Don’t run specified Windows applications

Prevents Windows from running the programs you specify in this policy setting. If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications. If you disable this policy setting or do not configure it, users can run any programs. This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).

Run only specified Windows applications

Limits the Windows programs that users have permission to run on the computer. If you enable this policy setting, users can only run programs that you add to the list of allowed applications. If you disable this policy setting or do not configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer. Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).

Prevent access to registry editing tools

Disables the Windows registry editor Regedit.exe. If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action. If you disable this policy setting or do not configure it, users can run Regedit.exe normally. To prevent users from using other administrative tools, use the “Run only specified Windows applications” policy setting.

Prevent access to the command prompt

This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer. If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally. Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.

Prevent the computer from joining a homegroup

This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a homegroup on a private network. If you enable this policy setting, users cannot add computers to a homegroup. This policy setting does not affect other network sharing features. If you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined computer is not shared with the homegroup. This policy setting is not configured by default. You must restart the computer for this policy setting to take effect.

Prevent users from sharing files within their profile.

This policy setting specifies whether users can share files within their profile. By default, users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile. If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wizard cannot create a share at %root% -> users and can only be used to create SMB shares on folders. If you disable or don’t configure this policy setting, users can share files out of their user profile after an administrator has opted in the computer.

Allow shared folders to be published

This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS). If you enable or do not configure this policy setting, users can use the “Publish in Active Directory” option in the Shared Folders snap-in to publish shared folders in AD DS. If you disable this policy setting, users cannot publish shared folders in AD DS, and the “Publish in Active Directory” option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.

Allow DFS roots to be published

This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). If you enable or do not configure this policy setting, users can use the “Publish in Active Directory” option to publish DFS roots as shared folders in AD DS. If you disable this policy setting, users cannot publish DFS roots in AD DS, and the “Publish in Active Directory” option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.

Turn off handwriting personalization data sharing

Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection. If you enable this policy, Tablet PC users cannot choose to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.
