Tag: Computer Configuration
Prevent changing start menu background
Prevents users from changing the look of their start menu background such as its color or accent. By default users can change the look of their start menu background such as its color or accent. If you enable this setting the user will be assigned the default start menu background and colors and will not be allowed to change them. If the “Force a specific background and accent color” policy is also set on a supported version of Windows then those colors take precedence over this policy. If the “Force a specific Start background” policy is also set on a supported version of Windows then that background takes precedence over this policy.
Force a specific background and accent color
Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB. By default users can change the background and accent colors. If this setting is enabled the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.
Prevent enabling lock screen camera
Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By default users can enable invocation of an available camera on the lock screen. If you enable this setting users will no longer be able to enable or disable lock screen camera access in PC Settings and the camera cannot be invoked on the lock screen.
Prevent enabling lock screen slide show
Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default users can enable a slide show that will run after they lock the machine. If you enable this setting users will no longer be able to modify slide show settings in PC Settings and no slide show will ever start.
Prevent changing lock screen image
Prevents users from changing the background image shown when the machine is locked. By default users can change the background image shown when the machine is locked. If you enable this setting the user will not be able to change their lock screen image and they will instead see the default image.
Do not display the lock screen
This policy setting controls whether the lock screen appears for users. If you enable this policy setting users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC. If you disable or do not configure this policy setting users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch the keyboard or by dragging it with the mouse.
Disable remote Desktop Sharing
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.
Download missing COM components
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. Many Windows programs such as the MMC snap-ins use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components. If you enable this policy setting and a component registration is missing the system searches for it in Active Directory and if it is found downloads it. The resulting searches might make some programs start or run slowly. If you disable or do not configure this policy setting the program continues without the registration. As a result the program might not perform all its functions or it might stop. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured the setting in Computer Configuration takes precedence over the setting in User Configuration.
SSL Cipher Suite Order
This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). If you enable this policy setting SSL cipher suites are prioritized in the order specified. If you disable or do not configure this policy setting the factory default cipher suite order is used. SSL2 SSL3 TLS 1. 0 and TLS 1. 1 cipher suites:TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHATLS_RSA_WITH_RC4_128_MD5 SSL_CK_RC4_128_WITH_MD5 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 TLS_RSA_WITH_NULL_SHATLS_RSA_WITH_NULL_MD5 TLS 1. 2 SHA256 and SHA384 cipher suites:TLS_RSA_WITH_AES_128_CBC_SHA256TLS_RSA_WITH_AES_256_CBC_SHA256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521TLS_DHE_DSS_WITH_AES_128_CBC_SHA256TLS_DHE_DSS_WITH_AES_256_CBC_SHA256TLS_RSA_WITH_NULL_SHA256TLS 1. 2 ECC GCM cipher suites:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521How to modify this setting:1. Open a blank notepad document. 2. Copy and paste the list of available suites into it. 3. Arrange the suites in the correct order; remove any suites you don’t want to use. 4. Place a comma at the end of every suite name except the last. Make sure there are NO embedded spaces. 5. Remove all the line breaks so that the cipher suite names are on a single long line. 6. Copy the cipher-suite line to the clipboard then paste it into the edit box. The maximum length is 1023 characters.
Tag Windows Customer Experience Improvement data with Study Identifier
This policy setting will enable tagging of Windows Customer Experience Improvement data when a study is being conducted. If you enable this setting then Windows CEIP data uploaded will be tagged. If you do not configure this setting or disable it then CEIP data will not be tagged with the Study Identifier.