Tag: Computer Configuration
Do not display ‘Install Updates and Shut Down’ option in Shut Down Windows dialog box
This policy setting allows you to manage whether the ‘Install Updates and Shut Down’ option is displayed in the Shut Down Windows dialog box. If you enable this policy setting ‘Install Updates and Shut Down’ will not appear as a choice in the Shut Down Windows dialog box even if updates are available for installation when the user selects the Shut Down option in the Start menu. If you disable or do not configure this policy setting the ‘Install Updates and Shut Down’ option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu.
Do not adjust default option to ‘Install Updates and Shut Down’ in Shut Down Windows dialog box
This policy setting allows you to manage whether the ‘Install Updates and Shut Down’ option is allowed to be the default choice in the Shut Down Windows dialog. If you enable this policy setting the user’s last shut down choice (Hibernate Restart etc. ) is the default option in the Shut Down Windows dialog box regardless of whether the ‘Install Updates and Shut Down’ option is available in the ‘What do you want the computer to do?’ list. If you disable or do not configure this policy setting the ‘Install Updates and Shut Down’ option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu. Note that this policy setting has no impact if the Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Do not display ‘Install Updates and Shut Down’ option in Shut Down Windows dialog box policy setting is enabled.
Configure Automatic Updates
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. Note: This policy does not apply to Windows RT. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled you must select one of the four options in the Group Policy Setting: 2 = Notify before downloading and installing any updates. When Windows finds updates that apply to this computer users will be notified that updates are ready to be downloaded. After going to Windows Update users can download and install any available updates. 3 = (Default setting) Download the updates automatically and notify when they are ready to be installed Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or interrupted during this process). When the downloads are complete users will be notified that they are ready to install. After going to Windows Update users can install them. 4 = Automatically download updates and install them on the schedule specified below. Specify the schedule using the options in the Group Policy Setting. If no schedule is specified the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart the user will be notified and given the option to delay the restart. ) On Windows 8 and later you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer is not in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days Windows Update will install updates right away. Users will then be notified about an upcoming restart and that restart will only take place if there is no potential for accidental data loss. Automatic maintenance can be further configured by using Group Policy settings here: Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler 5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. With this option local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the configuration for Automatic Updates. If the status for this policy is set to Disabled any updates that are available on Windows Update must be downloaded and installed manually. To do this search for Windows Update using Start. If the status is set to Not Configured use of Automatic Updates is not specified at the Group Policy level. However an administrator can still configure Automatic Updates through Control Panel.
Specify intranet Microsoft update service location
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. To use this setting you must set two servername values: the server from which the Automatic Updates client detects and downloads updates and the server to which updated workstations upload statistics. You can set both values to be the same server. If the status is set to Enabled the Automatic Updates client connects to the specified intranet Microsoft update service instead of Windows Update to search for and download updates. Enabling this setting means that end users in your organization don’t have to go through a firewall to get updates and it gives you the opportunity to test updates before deploying them. If the status is set to Disabled or Not Configured and if Automatic Updates is not disabled by policy or user preference the Automatic Updates client connects directly to the Windows Update site on the Internet. Note: If the “Configure Automatic Updates” policy is disabled then this policy has no effect. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
Automatic Updates detection frequency
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example if this policy is used to specify a 20 hour detection frequency then all clients to which this policy is applied will check for updates anywhere between 16 and 20 hours. If the status is set to Enabled Windows will check for available updates at the specified interval. If the status is set to Disabled or Not Configured Windows will check for available updates at the default interval of 22 hours. Note: The “Specify intranet Microsoft update service location” setting must be enabled for this policy to have effect. Note: If the “Configure Automatic Updates” policy is disabled this policy has no effect. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
Allow CredSSP authentication
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authentication from a remote client. If you enable this policy setting the WinRM service accepts CredSSP authentication from a remote client. If you disable or do not configure this policy setting the WinRM service does not accept CredSSP authentication from a remote client.
Specify channel binding token hardening level
This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens. If you enable this policy setting the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request based on a supplied channel binding token. If you disable or do not configure this policy setting you can configure the hardening level locally on each computer. If HardeningLevel is set to Strict any request not containing a valid channel binding token is rejected. If HardeningLevel is set to Relaxed (default value) any request containing an invalid channel binding token is rejected. However a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks). If HardeningLevel is set to None all requests are accepted (though they are not protected from credential-forwarding attacks).
Allow Remote Shell Access
This policy setting configures access to remote shells. If you enable this policy setting and set it to False new remote shell connections are rejected by the server. If you disable or do not configure this policy setting new remote shell connections are allowed.
Specify idle Timeout
This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted. Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values. If you enable this policy setting the server will wait for the specified amount of time since the last received message from the client before terminating the open shell. If you do not configure or disable this policy setting the default value of 900000 or 15 min will be used.
MaxConcurrentUsers
This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system. The value can be any number from 1 to 100. If you enable this policy setting the new shell connections are rejected if they exceed the specified limit. If you disable or do not configure this policy setting the default number is five users.