Tag: Machine
Untrusted Font Blocking
This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any fonts installed outside of the %windir%\Fonts directory. This feature can be configured in one of 3 modes: On, Off, and Audit. By default it is Off and no fonts are blocked. If you aren’t quite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.
Use Microsoft Passport for Work
Microsoft Passport for Work is an alternative method for signing into Windows using your Active Directory or Azure Active Directory account that can replace passwords, Smart Cards, and Virtual Smart Cards. If you enable or do not configure this policy setting, the device provisions Microsoft Passport for Work for all users. If you disable this policy setting, the device does not provision Microsoft Passport for Work for any user.
Toggle user control over Insider builds
This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under “Get Insider builds” and enable users to make their devices available for downloading and installing Windows preview software. If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item “Get Insider builds” will be unavailable. Note: This policy setting applies only to devices running the Pro, Enterprise, or Server editions of Windows 10.
Use a hardware security device
A Trusted Platform Module (TPM) provides additional security benefits over software because data stored within it cannot be used on other devices. If you enable this policy setting, only devices with a usable TPM provision Microsoft Passport for Work. If you disable this policy setting, all devices provision Microsoft Passport for Work using software, even if there is a usable TPM. If you do not configure this policy setting, all devices provision Microsoft Passport for Work using software if the TPM is non-functional or unavailable.
Allow a Windows app to share application data between users
Manages a Windows app’s ability to share data between users who have installed the app. If you enable this policy, a Windows app can share app data with other instances of that app. Data is shared through the SharedLocal folder. This folder is available through the Windows.Storage API. If you disable this policy, a Windows app can’t share app data with other instances of that app. If this policy was previously enabled, any previously shared app data will remain in the SharedLocal folder.
Block launching Windows Store apps with Windows Runtime API access from hosted content.
This policy setting controls whether Windows Store apps with Windows Runtime API access directly from web content can be launched. If you enable this policy setting, Windows Store apps with Windows Runtime API access directly from web content cannot be launched; Windows Store apps without Windows Runtime API access from web content are not affected. If you disable or do not configure this policy setting, all Windows Store apps can be launched.
Assign a default credential provider
This policy setting allows the administrator to assign a specified credential provider as the default credential provider. If you enable this policy setting, the specified credential provider is selected on the other user tile. If you disable or do not configure this policy setting, the system picks the default credential provider on the other user tile. Note: A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
Allow Telemetry
This policy setting determines the amount of diagnostic and usage data reported to Microsoft. A value of 0 indicates that no telemetry data from OS components is sent to Microsoft. Setting a value of 0 is applicable to enterprise and server devices only. Setting a value of 0 for other devices is equivalent to choosing a value of 1. A value of 1 sends only a limited or basic amount of diagnostic and usage data. Note that setting values of 0 or 1 will degrade certain experiences on the device. A value of 2 sends enhanced diagnostic and usage data. A value of 3 sends the same data as a value of 2, plus additional diagnostics data such as the system state at the time of a hang or crash and the files and content that may have caused the problem. If you disable or do not configure this policy setting, users can configure the Telemetry level in Settings.
Disable pre-release features or settings
This policy setting determines the level to which Microsoft can experiment with the product to study user preferences or device behavior. A value of 1 permits Microsoft to configure device settings only. A value of 2 allows Microsoft to conduct full experimentations. If you disable this policy setting, all experimentations will be turned off. If you do not configure this policy setting, users can configure the “Let Microsoft try features on this build” option in Settings.
Download Mode
Set this policy to configure the use of Windows Update Delivery Optimization in downloads of Windows Apps and Updates. Available modes are: 0 = disable; 1 = peers on same NAT only; 2 = Local Network / Private Peering (PCs in the same domain by default); 3 = Internet Peering.