Category: At least Windows Server 2003 operating systems or Windows XP Professional
Use maximum DC discovery retry interval setting for background callers
This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC. For example the retry intervals may be set at 10 minutes then 20 minutes and then 40 minutes but when the interval reaches the value set in this setting that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached. The default value for this setting is 60 minutes (60*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. If the value for this setting is smaller than the value specified for the Initial DC Discovery Retry Setting the Initial DC Discovery Retry Setting is used. Warning: If the value for this setting is too large a client may take very long periods to try to find a DC. If the value for this setting is too small and the DC is not available the frequent retries may produce excessive network traffic.
Use initial DC discovery retry setting for background callers
This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC. The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag. If the value of this setting is less than the value specified in the NegativeCachePeriod subkey the value in the NegativeCachePeriod subkey is used. Warning: If the value for this setting is too large a client will not attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC is not available the traffic caused by periodic DC discoveries may be excessive.
Contact PDC on logon failure
This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password. Contacting the PDC emulator is useful in case the client’s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection. If you enable this policy setting the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password. If you disable this policy setting the DCs will not attempt to verify any passwords with the PDC emulator. If you do not configure this policy setting it is not applied to any DCs.
Turn off creation of System Restore checkpoints
This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users in the event of a problem to restore their computers to a previous state without losing personal data files. If you enable this policy setting the Windows Installer does not generate System Restore checkpoints when installing applications. If you disable or do not configure this policy setting by default the Windows Installer automatically creates a System Restore checkpoint each time an application is installed so that users can restore their computer to the state it was in before installing the application.
Remote Desktops
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.
IP Security Monitor
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.
IP Security Policy Management
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.
FrontPage Server Extensions
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.
Security Settings
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.
Scripts (Logon/Logoff)
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured the setting of the “Restrict users to the explicitly permitted list of snap-ins” setting determines whether this snap-in is permitted or prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is enabled users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in enable this policy setting. If this policy setting is not configured or disabled this snap-in is prohibited. — If the policy setting “Restrict users to the explicitly permitted list of snap-ins” is disabled or not configured users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in disable this policy setting. If this policy setting is not configured or enabled the snap-in is permitted. When a snap-in is prohibited it does not appear in the Add/Remove Snap-in window in MMC. Also when a user opens a console file that includes a prohibited snap-in the console file opens but the prohibited snap-in does not appear.