Disable or enable software Secure Attention Sequence
This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS). If you enable this policy setting you have one of four options:If you set this policy setting to “None” user mode software cannot simulate the SAS. If you set this policy setting to “Services” services can simulate the SAS. If you set this policy setting to “Ease of Access applications” Ease of Access applications can simulate the SAS. If you set this policy setting to “Services and Ease of Access applications” both services and Ease of Access applications can simulate the SAS. If you disable or do not configure this setting only Ease of Access applications running on the secure desktop can simulate the SAS.
Set action to take when logon hours expire
This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation disconnect the user or log the user off completely. If you choose to lock or disconnect a session the user cannot unlock the session or reconnect except during permitted logon hours. If you choose to log off a user the user cannot log on again except during permitted logon hours. If you choose to log off a user the user might lose unsaved data. If you enable this setting the system will perform the action you specify when the user’s logon hours expire. If you disable or do not configure this setting the system takes no action when the user’s logon hours expire. The user can continue the existing session but cannot log on to a new session. Note: If you configure this setting you might want to examine and appropriately configure the “Remove logon hours expiration warnings” setting
Remove logon hours expiration warnings
This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default a user is notified before logon hours expire if actions have been set to occur when the logon hours expire. If you enable this setting warnings are not displayed to the user before the logon hours expire. If you disable or do not configure this setting users receive warnings before the logon hours expire if actions have been set to occur when the logon hours expire. Note: If you configure this setting you might want to examine and appropriately configure the “Set action to take when logon hours expire” setting. If “Set action to take when logon hours expire” is disabled or not configured the “Remove logon hours expiration warnings” setting will have no effect and users receive no warnings about logon hour expiration
Display information about previous logons during user logon
This policy setting controls whether or not the system displays information about previous logons and logon failures to the user. For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level if you enable this setting a message appears after the user logs on that displays the date and time of the last successful logon by that user the date and time of the last unsuccessful logon attempted with that user name and the number of unsuccessful logons since the last successful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop. For domain user accounts in Windows Server 2003 Windows 2000 native or Windows 2000 mixed functional level domains if you enable this setting a warning message will appear that Windows could not retrieve the information and the user will not be able to log on. Therefore you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level. If you disable or do not configure this setting messages about the previous logon or logon failures are not displayed.
Require use of fast startup
This policy setting controls the use of fast startup. If you enable this policy setting the system requires hibernate to be enabled. If you disable or do not configure this policy setting the local setting is used.
Timeout for hung logon sessions during shutdown
This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown. If you enable this policy setting the system waits for the hung logon sessions for the number of minutes specified. If you disable or do not configure this policy setting the default timeout value is 3 minutes for workstations and 15 minutes for servers.
Turn off legacy remote shutdown interface
This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system. If you enable this policy setting the system does not create the named pipe remote shutdown interface. If you disable or do not configure this policy setting the system creates the named pipe remote shutdown interface.
Do not connect to any Windows Update Internet locations
Even when Windows Update is configured to receive updates from an intranet update service it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update and other services like Microsoft Update or the Windows Store. Enabling this policy will disable that functionality and may cause connection to public services such as the Windows Store to stop working. Note: This policy applies only when this PC is configured to connect to an intranet update service using the “Specify intranet Microsoft update service location” policy.
Allow signed updates from an intranet Microsoft update service location
This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. If you enable this policy setting Automatic Updates accepts updates received through an intranet Microsoft update service location if they are signed by a certificate found in the “Trusted Publishers” certificate store of the local computer. If you disable or do not configure this policy setting updates from an intranet Microsoft update service location must be signed by Microsoft. Note: Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
Enable client-side targeting
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. If the status is set to Enabled the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to this computer. If the intranet Microsoft update service supports multiple target groups this policy can specify multiple group names separated by semicolons. Otherwise a single group must be specified. If the status is set to Disabled or Not Configured no target group information will be sent to the intranet Microsoft update service. Note: This policy applies only when the intranet Microsoft update service this computer is directed to is configured to support client-side targeting. If the “Specify intranet Microsoft update service location” policy is disabled or not configured this policy has no effect. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.