Group ID

Set this policy to specify an arbitrary group ID that the device belongs to. Use this if you need to:

1. Limit the number of devices participating in peering in a domain network with many users.
2. Create a single group for Local Network Peering for branches that are on different domains or are not on the same NAT.

Note: this is a best effort optimization and should not be relied on for authentication of identity. You must use a GUID as the group ID.

Turn On Virtualization Based Security

Specifies whether Virtualization Based Security is enabled.

Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot and can optionally be enabled with the use of DMA Protections. DMA protections require hardware support and will only be enabled on correctly configured devices.

Virtualization Based Protection of Code Integrity

This setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled, kernel mode memory protections are enforced and the Code Integrity validation path is protected by the virtualization based security feature.

Warning: All drivers on the system must be compatible with this feature or the system may crash. Ensure that this policy setting is only deployed to computers which are known to be compatible.

Credential Guard

This setting lets you decide whether users can turn on Credential Guard with virtualization-based security to help protect credentials.

Disabling these settings does not remove the feature from the computer. Instead, you must also remove the security functionality from each computer with a physically present user in order to clear configuration persisted in Secure Boot.

Please refer to the documentation for a complete set of requirements to securely configure this feature.

Deploy Code Integrity Policy

This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.

If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy. To enable this policy the machine must be rebooted.

The file path must be either a UNC path (for example \\ServerName\ShareName\SIPolicy.p7b) or a locally valid path (for example C:\FolderName\SIPolicy.p7b). The local machine account (LOCAL SYSTEM) must have access permission to the policy file.

If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead you must either:

1) first update the policy to a non-protected policy and then disable the setting, or
2) disable the setting and then remove the policy from each computer with a physically present user.
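
The following PowerShell is an added example, not part of the original policy text. It reads back the state that the "Turn On Virtualization Based Security" and "Deploy Code Integrity Policy" settings actually produced on a machine, using the Win32_DeviceGuard CIM class. The function name Get-VbsReport and the sample object at the end are constructed for illustration.

```powershell
# Added example: report what the VBS and Code Integrity policies produced on a device.
function Get-VbsReport {
    param(
        # Defaults to the live machine; pass a constructed object to check the mapping offline.
        $DeviceGuard = (Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                                        -ClassName Win32_DeviceGuard -ErrorAction Stop)
    )
    $vbs  = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
    $ci   = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
    $svc  = @{ 1 = 'Credential Guard'; 2 = 'Virtualization Based Protection of Code Integrity' }
    $prop = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

    # CIM returns UInt32 values; cast to [int] so they match the hashtable keys.
    $name = { param($map, $v)
              if ($map.ContainsKey([int]$v)) { $map[[int]$v] } else { "Unknown ($v)" } }

    $configured = @($DeviceGuard.SecurityServicesConfigured | Where-Object { $_ })
    $running    = @($DeviceGuard.SecurityServicesRunning    | Where-Object { $_ })
    # Required platform features that the hardware or firmware does not provide.
    $missing    = @($DeviceGuard.RequiredSecurityProperties |
                    Where-Object { $_ -and $_ -notin $DeviceGuard.AvailableSecurityProperties })

    [pscustomobject]@{
        VbsStatus           = & $name $vbs $DeviceGuard.VirtualizationBasedSecurityStatus
        CodeIntegrityPolicy = & $name $ci  $DeviceGuard.CodeIntegrityPolicyEnforcementStatus
        ServicesRunning     = @($running | ForEach-Object { & $name $svc $_ })
        # Configured by policy but not running: reboot pending, or the device is not capable.
        ConfiguredNotRunning = @($configured | Where-Object { $_ -notin $running } |
                                 ForEach-Object { & $name $svc $_ })
        MissingRequirements = @($missing | ForEach-Object { & $name $prop $_ })
    }
}

# Constructed sample: policy asks for Secure Boot + DMA protection and both services,
# but the device has no DMA protection and only Credential Guard is running.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus    = [uint32]2
    CodeIntegrityPolicyEnforcementStatus = [uint32]1
    SecurityServicesConfigured           = [uint32[]](1, 2)
    SecurityServicesRunning              = [uint32[]](1)
    RequiredSecurityProperties           = [uint32[]](1, 2, 3)
    AvailableSecurityProperties          = [uint32[]](1, 2)
}
Get-VbsReport -DeviceGuard $sample | Format-List

# On a real device, run without arguments:
# Get-VbsReport | Format-List
```

A non-empty ConfiguredNotRunning or MissingRequirements value on a device that received the policy is the case to investigate before relying on the protection.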