Author: admin
Run logon scripts synchronously
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. If you enable this policy setting File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working but it can delay the appearance of the desktop. If you disable or do not configure this policy setting the logon scripts and File Explorer are not synchronized and can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
Run logon scripts synchronously
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop. If you enable this policy setting File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working but it can delay the appearance of the desktop. If you disable or do not configure this policy setting the logon scripts and File Explorer are not synchronized and can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
Display instructions in logoff scripts as they run
This policy setting displays the instructions in logoff scripts as they run. Logoff scripts are batch files of instructions that run when the user logs off. By default the system does not display the instructions in the logoff script. If you enable this policy setting the system displays each instruction in the logoff script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users. If you disable or do not configure this policy setting the instructions are suppressed.
Run legacy logon scripts hidden
This policy setting hides the instructions in logon scripts written for Windows NT 4. 0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default Windows 2000 displays the instructions in logon scripts written for Windows NT 4. 0 and earlier in a command window as they run although it does not display logon scripts written for Windows 2000. If you enable this setting Windows 2000 does not display logon scripts written for Windows NT 4. 0 and earlier. If you disable or do not configure this policy setting Windows 2000 displays login scripts written for Windows NT 4. 0 and earlier. Also see the “Run Logon Scripts Visible” setting.
Specify maximum wait time for Group Policy scripts
This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon logoff startup and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires the system stops script processing and records an error event. If you enable this setting then in the Seconds box you can type a number from 1 to 32000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished no matter how long they take type 0. This interval is particularly important when other system tasks must wait while the scripts complete. By default each startup script must complete before the next one runs. Also you can use the “”Run logon scripts synchronously”” setting to direct the system to wait for the logon scripts to complete before loading the desktop. An excessively long interval can delay the system and inconvenience users. However if the interval is too short prerequisite tasks might not be done and the system can appear to be ready prematurely. If you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10 minutes). This is the default.
Maintain RPC Troubleshooting State Information
This policy setting determines whether the RPC Runtime maintains RPC state information for the system and how much information it maintains. Basic state information which consists only of the most commonly needed state data is required for troubleshooting RPC problems. If you disable this policy setting the RPC runtime defaults to “Auto2” level. If you do not configure this policy setting the RPC defaults to “Auto2” level. If you enable this policy setting you can use the drop-down box to determine which systems maintain RPC state information. — “None” indicates that the system does not maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory this setting is not recommended for most installations. — “Auto1” directs RPC to maintain basic state information only if the computer has at least 64 MB of memory. — “Auto2” directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server Windows 2000 Advanced Server or Windows 2000 Datacenter Server. — “Server” directs RPC to maintain basic state information on the computer regardless of its capacity. — “Full” directs RPC to maintain complete RPC state information on the system regardless of its capacity. Because this level can degrade performance it is recommended for use only while you are investigating an RPC problem. Note: To retrieve the RPC state information from a system that maintains it you must use a debugging tool. Note: This policy setting will not be applied until the system is rebooted.
Restrict Unauthenticated RPC clients
This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller. If you disable this policy setting the RPC server runtime uses the value of “Authenticated” on Windows Client and the value of “None” on Windows Server versions that support this policy setting. If you do not configure this policy setting it remains disabled. The RPC server runtime will behave as though it was enabled with the value of “Authenticated” used for Windows Client and the value of “None” used for Server SKUs that support this policy setting. If you enable this policy setting it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction depending on the selected value for this policy setting. — “None” allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied. — “Authenticated” allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them. — “Authenticated without exceptions” allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed. Note: This policy setting will not be applied until the system is rebooted.
Set Minimum Idle Connection Timeout for RPC/HTTP connections
This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout. This policy setting is only applicable when the RPC Client the RPC Server and the RPC HTTP Proxy are all running Windows Server 2003 family/Windows XP SP1 or higher versions. If either the RPC Client or the RPC Server or the RPC HTTP Proxy run on an older version of Windows this policy setting will be ignored. The minimum allowed value for this policy setting is 90 seconds. The maximum is 7200 seconds (2 hours). If you disable this policy setting the idle connection timeout on the IIS server running the RPC HTTP proxy will be used. If you do not configure this policy setting it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used. If you enable this policy setting and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout the timeout on the IIS server is used. Otherwise the provided timeout value is used. The timeout is given in seconds. Note: This policy setting will not be applied until the system is rebooted.
Ignore Delegation Failure
This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested. The constrained delegation model introduced in Windows Server 2003 does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation. If you disable this policy setting the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. If you do not configure this policy setting it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. If you enable this policy setting then:– “Off” directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation but the created security context does not support delegation. — “On” directs the RPC Runtime to accept security contexts that do not support delegation even if delegation was asked for. Note: This policy setting will not be applied until the system is rebooted.
Propagate extended error information
This policy setting controls whether the RPC runtime generates extended error information when an error occurs. Extended error information includes the local time that the error occurred the RPC version and the name of the computer on which the error occurred or from which it was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs). If you disable this policy setting the RPC Runtime only generates a status code to indicate an error condition. If you do not configure this policy setting it remains disabled. It will only generate a status code to indicate an error condition. If you enable this policy setting the RPC runtime will generate extended error information. You must select an error response type in the drop-down box. — “Off” disables all extended error information for all processes. RPC only generates an error code. — “On with Exceptions” enables extended error information but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect the command that starts the process must begin with one of the strings in the Extended Error Information Exception field. — “Off with Exceptions” disables extended error information but lets you enable it for selected processes. To enable extended error information for a process while this policy setting is in effect the command that starts the process must begin with one of the strings in the Extended Error Information Exception field. — “On” enables extended error information for all processes. Note: For information about the Extended Error Information Exception field see the Windows Software Development Kit (SDK). Note: Extended error information is formatted to be compatible with other operating systems and older Microsoft operating systems but only newer Microsoft operating systems can read and respond to the information. Note: The default policy setting “Off” is designed for systems where extended error information is considered to be sensitive and it should not be made available remotely. Note: This policy setting will not be applied until the system is rebooted.