Tag: Computer Configuration
File Classification Infrastructure: Display Classification tab in File Explorer
This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer. The Classification tab enables users to manually classify files by selecting properties from a list. Administrators can define the properties for the organization by using Group Policy and supplement these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service. If you enable this policy setting, the Classification tab is displayed. If you disable or do not configure this policy setting, the Classification tab is hidden.
Configure root certificate clean up
This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting, root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting, root certificate cleanup will occur on logoff.
Turn on root certificate propagation from smart card
This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. If you enable or do not configure this policy setting, root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work, the following policy setting must also be enabled: Turn on certificate propagation from smart card. If you disable this policy setting, root certificates will not be propagated from the smart card.
Display string when smart card is blocked
This policy setting allows you to manage the message displayed when a smart card is blocked. If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. Note: The following policy setting must be enabled: Allow Integrated Unblock screen to be displayed at the time of logon. If you disable or do not configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
Reverse the subject name stored in a certificate when displaying
This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default, the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had a UPN of user1@example.com, then “User1” will be displayed along with “user1@example.com.” If the UPN is not present, the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. If you enable or do not configure this policy setting, the subject name will be reversed. If you disable this policy setting, the subject name will be displayed as it appears in the certificate.
Prevent plaintext PINs from being returned by Credential Manager
This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Credential Manager does not return a plaintext PIN. If you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager. Note: Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting.
Allow user name hint
This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name, or user name and domain, thereby associating a certificate with that user. If you enable this policy setting, an optional field that allows a user to enter their user name, or user name and domain, will be displayed. If you disable or do not configure this policy setting, the optional field will not be displayed.
Turn on Smart Card Plug and Play service
This policy setting allows you to control whether Smart Card Plug and Play is enabled. If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled, and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time. If you disable this policy setting, Smart Card Plug and Play will be disabled, and a device driver will not be installed when a card is inserted in a Smart Card Reader. Note: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
Allow signature keys valid for Logon
This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this policy setting, any certificates available on the smart card with a signature-only key will be listed on the logon screen. If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.
Allow time invalid certificates
This policy setting permits certificates that are either expired or not yet valid to be displayed for logon. Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine. If you enable this policy setting, certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired. If you disable or do not configure this policy setting, certificates that are expired or not yet valid will not be listed on the logon screen.