Specify permitted managers

This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management Protocol (SNMP) agent running on the client computer. SNMP is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information. If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. If you disable or do not configure this policy setting, the SNMP service takes the permitted managers configured on the local computer instead. Best practice: For security purposes, it is recommended to restrict the HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> SNMP -> Parameters -> PermittedManagers key to allow only the local admin group full control. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP policy settings: “Specify trap configuration” and “Specify Community Name”.

Specify communities

This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. SNMP is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network. If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only the SNMP Read operation is allowed for the community. If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead. Best practice: For security purposes, it is recommended to restrict the HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> SNMP -> Parameters -> ValidCommunities key to allow only the local admin group full control. Note: It is good practice to use a cryptic community name. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP settings: “Specify permitted managers” and “Specify trap configuration”.
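
One way to check the best-practice ACL restriction described for both the PermittedManagers and ValidCommunities keys. This is an added example, not part of the original policy text; the function name, the allow-list parameter and the reading of "local admin group" as BUILTIN\Administrators (SID S-1-5-32-544) are assumptions.

```powershell
# Added example (not from the original page): report ACEs on the two SNMP policy
# keys that let anyone outside an allow-list change the key or its permissions.
# Assumption: "local admin group" = BUILTIN\Administrators, well-known SID S-1-5-32-544.
# Local System (S-1-5-18) is reported unless you add it to -AllowedSid.

function Get-SnmpPolicyKeyAclFinding {
    param(
        [string[]]$Path = @(
            'HKLM:\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers',
            'HKLM:\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities'
        ),
        [string[]]$AllowedSid = @('S-1-5-32-544')
    )

    # Specific rights that alter values, subkeys, the ACL or the owner, plus the
    # generic GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits that
    # can appear in inherit-only ACEs.
    $modify = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $writeMask = [int]$modify -bor 0x10000000 -bor 0x40000000

    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) {
            [pscustomobject]@{ Key = $key; Sid = $null; Account = $null; Rights = $null
                               Finding = 'Key absent: policy not configured here' }
            continue
        }
        $acl = Get-Acl -LiteralPath $key
        # Ask for SIDs rather than names so localized group names do not matter.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Value
            if ($AllowedSid -contains $sid) { continue }
            if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved)' }
            [pscustomobject]@{ Key = $key; Sid = $sid; Account = $name
                               Rights = $ace.RegistryRights
                               Finding = 'Write-capable ACE outside the allow-list' }
        }
    }
}

Get-SnmpPolicyKeyAclFinding | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session on a machine where the SNMP policy is applied. Read-only ACEs are not reported, since they cannot change the manager or community lists.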

Set the map update interval for NIS subordinate servers

This policy setting allows a Server for NIS administrator to configure an update interval for pushing Network Information Service (NIS) maps to NIS subordinate servers. If you enable this policy setting, the map update interval specified in this policy setting is applied to all affected domain controllers that are running Server for NIS. If you disable or do not configure this policy setting, individual computers that are running Server for NIS use the map update interval specified on the General tab of the Server for NIS Properties dialog box. Note: Valid values for intervals are whole numbers in the following ranges: days, 0 through 99999; hours, 0 through 23; minutes, 0 through 59. The default value, if the policy setting is enabled, is one day.

Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS

This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS). If you enable this policy setting, intermediate steps of NIS map updates or propagations, and whether map updates are successful, are logged for all affected computers that are running Server for NIS. If you disable or do not configure this policy setting, individual computers that are running Server for NIS log steps of map propagations based upon how the “NIS map propagation logging” policy setting on the Logging tab of the Server for NIS Properties dialog box is configured.

Allow ECC certificates to be used for logon and authentication

This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain. If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain. Note: This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. Note: If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.

Notify user of successful smart card driver installation

This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed. If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed. If you disable this policy setting, a confirmation message will not be displayed when a smart card device driver is installed. Note: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.

Turn on Smart Card Plug and Play service

This policy setting allows you to control whether Smart Card Plug and Play is enabled. If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled, and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time. If you disable this policy setting, Smart Card Plug and Play will be disabled, and a device driver will not be installed when a card is inserted in a Smart Card Reader. Note: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.

Allow user name hint

This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name, or user name and domain, thereby associating a certificate with that user. If you enable this policy setting, an optional field that allows a user to enter their user name, or user name and domain, will be displayed. If you disable or do not configure this policy setting, an optional field that allows users to enter their user name, or user name and domain, will not be displayed.

Prevent plaintext PINs from being returned by Credential Manager

This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Credential Manager does not return a plaintext PIN. If you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager. Note: Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting.

Reverse the subject name stored in a certificate when displaying

This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default, the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had a UPN of user1@example.com, then “User1” will be displayed along with “user1@example.com.” If the UPN is not present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. If you enable this policy setting or do not configure this setting, then the subject name will be reversed. If you disable this policy setting, the subject name will be displayed as it appears in the certificate.