Tag: Computer Configuration
Enable access-denied assistance on client for all file types
This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types
File Classification Infrastructure: Specify classification properties list
This policy setting controls which set of properties is available for classifying files on affected computers. Administrators can define the properties for the organization by using Active Directory Domain Services (AD DS) and then group these properties into lists. Administrators can supplement these properties on individual file servers by using File Classification Infrastructure which is part of the File Server Resource Manager role service. If you enable this policy setting you can select which list of properties is available for classification on the affected computers. If you disable or do not configure this policy setting the Global Resource Property List in AD DS provides the default set of properties.
Notify user of successful smart card driver installation
This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed. If you enable or do not configure this policy setting a confirmation message will be displayed when a smart card device driver is installed. If you disable this policy setting a confirmation message will not be displayed when a smart card device driver is installed. Note: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
Allow ECC certificates to be used for logon and authentication
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. If you enable this policy setting ECC certificates on a smart card can be used to log on to a domain. If you disable or do not configure this policy setting ECC certificates on a smart card cannot be used to log on to a domain. Note: This policy setting only affects a user’s ability to log on to a domain. ECC certificates on a smart card that are used for other applications such as document signing are not affected by this policy setting. Note: If you use an ECDSA key to log on you must also have an associated ECDH key to permit logons when you are not connected to the network.
Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS
This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS). If you enable this policy setting intermediate steps of NIS map updates or propagations and whether map updates are successful are logged for all affected computers that are running Server for NIS. If you disable or do not configure this policy setting individual computers that are running the Server for NIS log steps of map propagations based upon how the “NIS map propagation logging” policy setting on the Logging tab of the Server for NIS Properties dialog box is configured.
Set the map update interval for NIS subordinate servers
This policy setting allows a Server for NIS administrator to configure an update interval for pushing Network Information Service (NIS) maps to NIS subordinate servers. If you enable this policy setting the map update interval specified in this policy setting is applied to all affected domain controllers that are running Server for NIS. If you disable or do not configure this policy setting individual computers that are running Server for NIS use the map update interval specified on the General tab of the Server for NIS Properties dialog box. Note: Valid values for intervals are whole numbers in the following ranges: days 0 through 99999; hours 0 through 23; minutes 0 through 59. The default value if the policy setting is enabled is one day.
Specify communities
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. SNMP is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. A valid community is a community recognized by the SNMP service while a community is a group of hosts (servers workstations hubs and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network. If you enable this policy setting the SNMP agent only accepts requests from management systems within the communities it recognizes and only SNMP Read operation is allowed for the community. If you disable or do not configure this policy setting the SNMP service takes the Valid Communities configured on the local computer instead. Best practice: For security purposes it is recommended to restrict the HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> SNMP -> Parameters -> ValidCommunities key to allow only the local admin group full control. Note: It is good practice to use a cryptic community name. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP settings: “Specify permitted managers” and “Specify trap configuration”.
Specify permitted managers
This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer. Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. The manager is located on the host computer on the network. The manager’s role is to poll the agents for certain requested information. If you enable this policy setting the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. If you disable or do not configure this policy setting SNMP service takes the permitted managers configured on the local computer instead. Best practice: For security purposes it is recommended to restrict the HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> SNMP -> Parameters -> PermittedManagers key to allow only the local admin group full control. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP policy settings: “Specify trap configuration” and “Specify Community Name”.
Specify traps for public community
This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent. Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously. If you enable this policy setting the SNMP service sends trap messages to the hosts within the “public” community. If you disable or do not configure this policy setting the SNMP service takes the trap configuration configured on the local computer instead. Note: This setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP settings: “Specify permitted managers” and “Specify Community Name”.
Do not allow Sound Recorder to run
Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file. If you enable this policy setting Sound Recorder will not run. If you disable or do not configure this policy setting Sound Recorder can be run.