Tag: User Configuration
Trust logic for file attachments
This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments. Preferring the file handler instructs Windows to use the file handler data over the file type data. For example trust notepad. exe but don’t trust . txt files. Preferring the file type instructs Windows to use the file type data over the file handler data. For example trust . txt files regardless of the file handler. Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation which will cause users to see more trust prompts than choosing the other options. If you enable this policy setting you can choose the order in which Windows processes risk assessment data. If you disable this policy setting Windows uses its default trust logic which prefers the file handler over the file type. If you do not configure this policy setting Windows uses its default trust logic which prefers the file handler over the file type.
Notify antivirus programs when opening attachments
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer’s email server additional calls would be redundant. If you enable this policy setting Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails the attachment is blocked from being opened. If you disable this policy setting Windows does not call the registered antivirus programs when file attachments are opened. If you do not configure this policy setting Windows does not call the registered antivirus programs when file attachments are opened.
Allow Microsoft accounts to be optional
This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it. If you enable this policy setting Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead. If you disable or do not configure this policy setting users will need to sign in with a Microsoft account.
Block launching desktop apps associated with a URI scheme
This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps there is a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app. If you enable this policy setting Windows Store apps cannot open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. If you disable or do not configure this policy setting Windows Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http https and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources reducing the associated risk.
Block launching desktop apps associated with a file.
This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps there is a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type. If you enable this policy setting Windows Store apps cannot open files in the default desktop app for a file type; they can open files only in other Windows Store apps. If you disable or do not configure this policy setting Windows Store apps can open files in the default desktop app for a file type.
Turn off Program Compatibility Assistant
This setting exists only for backward compatibility and is not valid for this version of Windows. To configure the Program Compatibility Assistant use the ‘Turn off Program Compatibility Assistant’ setting under Computer Configuration -> Administrative Templates -> Windows Components -> Application Compatibility.
Hide Add/Remove Windows Components page
Removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add remove and configure components of Windows from the installation files. If you disable this setting or do not configure it the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However this setting blocks user access to the Windows Component Wizard.
Remove Support Information
Removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a “Click here for support information” hyperlink. When clicked the hyperlink opens a dialog box that displays troubleshooting information including a link to the installation files and data that users need to obtain product support such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet such as the Microsoft Product Support Services Web page. If you disable this setting or do not configure it the Support Info hyperlink appears. Note: Not all programs provide a support information hyperlink.
Go directly to Components Wizard
Prevents users from using Add or Remove Programs to configure installed services. This setting removes the “Set up services” section of the Add/Remove Windows Components page. The “Set up services” section lists system services that have not been configured and offers users easy access to the configuration tools. If you disable this setting or do not configure it “Set up services” appears only when there are unconfigured system services. If you enable this setting “Set up services” never appears. This setting does not prevent users from using other methods to configure services. Note: When “Set up services” does not appear clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard that option is selected automatically and the page is bypassed. To remove “Set up services” and prevent the Windows Component Wizard from starting enable the “Hide Add/Remove Windows Components page” setting. If the “Hide Add/Remove Windows Components page” setting is enabled this setting is ignored.
Hide Change or Remove Programs page
Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall repair add or remove features of installed programs. If you disable this setting or do not configure it the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs.