Tag: Computer Configuration
Proxy definitions are authoritative
This setting does not apply to desktop apps. Turns off Windows Network Isolation’s automatic proxy discovery in the domain corporate environment. If you enable this policy setting it turns off Windows Network Isolation’s automatic proxy discovery in the domain corporate environment. Only proxies configured with Group Policy are authoritative. This applies to both Internet and intranet proxies. If you disable or do not configure this policy setting Windows Network Isolation attempts to automatically discover your proxy server addresses. For more information see: http://go. microsoft. com/fwlink/p/?LinkId=234043
Private network ranges for apps
This setting does not apply to desktop apps. A comma-separated list of IP address ranges that are in your corporate network. If you enable this policy setting it ensures that apps with the Home/Work Networking capability have appropriate access to your corporate network. These addresses are only accessible to apps if and only if the app has declared the Home/Work Networking capability. Windows Network Isolation attempts to automatically discover private network hosts. By default the addresses configured with this policy setting are merged with the hosts that are declared as private through automatic discovery. To ensure that these addresses are the only addresses ever classified as private enable the “Subnet definitions are authoritative” policy setting. If you disable or do not configure this policy setting Windows Network Isolation attempts to automatically discover your private network hosts. Example: 3efe:1092::/9618. 1. 1. 1/10 For more information see: http://go. microsoft. com/fwlink/p/?LinkId=234043
Intranet proxy servers for apps
This setting does not apply to desktop apps. A semicolon-separated list of intranet proxy server IP addresses. These addresses are categorized as private by Windows Network Isolation and are accessible to apps that have the Home/Work Networking capability. If you enable this policy setting it allows an administrator to configure a set of proxies that provide access to intranet resources. If you disable or do not configure this policy setting Windows Network Isolation attempts to discover proxies and configures them as Internet nodes. This setting should NOT be used to configure Internet proxies. Example: [3efe:3022::1000]; 18. 0. 0. 1; 18. 0. 0. 2For more information see: http://go. microsoft. com/fwlink/p/?LinkId=234043
Internet proxy servers for apps
This setting does not apply to desktop apps. A semicolon-separated list of Internet proxy server IP addresses. These addresses are categorized as Internet by Windows Network Isolation and are accessible to apps that have the Internet Client or Internet Client/Server capabilities. If you enable this policy setting apps on proxied networks can access the Internet without relying on the Private Network capability. However in most situations Windows Network Isolation will be able to correctly discover proxies. By default any proxies configured with this setting are merged with proxies that are auto-discovered. To make this policy configuration the sole list of allowed proxies enable the “Proxy definitions are authoritative” setting. If you disable or do not configure this policy setting apps will use the Internet proxies auto-discovered by Windows Network Isolation. Example: [3efe:3022::1000];18. 0. 0. 1;18. 0. 0. 2 For more information see: http://go. microsoft. com/fwlink/p/?LinkId=234043
Route all traffic through the internal network
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. When a remote client computer connects to an internal network using DirectAccess it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network or directly through the local default gateway. If you enable this policy setting all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network. If you disable this policy setting traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. If you do not configure this policy setting traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.
Do not show the “local access only” network icon
Specifies whether or not the “local access only” network icon will be shown. When enabled the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only. If you disable this setting or do not configure it the “local access only” icon will be used when a user is connected to a network with local access only.
Require domain users to elevate when setting a network’s location
This policy setting determines whether to require domain users to elevate when setting a network’s location. If you enable this policy setting domain users must elevate when setting a network’s location. If you disable or do not configure this policy setting domain users can set a network’s location without elevating.
Prohibit use of Internet Connection Sharing on your DNS domain network
Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services such as name resolution and addressing through DHCP to the local private network. If you enable this setting ICS cannot be enabled or configured by administrators and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. If you disable this setting or do not configure it and have two or more connections administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional. )By default ICS is disabled when you create a remote access connection but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard administrators can choose to enable ICS. Note: Internet Connection Sharing is only available when two or more network connections are present. Note: When the “Prohibit access to properties of a LAN connection” “Ability to change properties of an all user remote access connection” or “Prohibit changing properties of a private remote access connection” settings are set to deny access to the Connection Properties dialog box the Advanced tab for the connection is blocked. Note: Nonadministrators are already prohibited from configuring Internet Connection Sharing regardless of this setting. Note: Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running on the Network Permissions tab in the network’s policy properties select the “Don’t use hosted networks” check box.
Prohibit use of Internet Connection Firewall on your DNS domain network
Prohibits use of Internet Connection Firewall on your DNS domain network. Determines whether users can enable the Internet Connection Firewall feature on a connection and if the Internet Connection Firewall service can run on a computer. Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed this setting does not apply. The Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats. If you enable this setting Internet Connection Firewall cannot be enabled or configured by users (including administrators) and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition the Internet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled. Note: If you enable the “Windows Firewall: Protect all network connections” policy setting the “Prohibit use of Internet Connection Firewall on your DNS domain network” policy setting has no effect on computers that are running Windows Firewall which replaces Internet Connection Firewall when you install Windows XP Service Pack 2. If you disable this setting or do not configure it the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled.
Prohibit installation and configuration of Network Bridge on your DNS domain network
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed this setting does not apply. The Network Bridge allows users to create a layer 2 MAC bridge enabling them to connect two or more network segements together. This connection appears in the Network Connections folder. If you disable this setting or do not configure it the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user’s computer.