Category: At least Windows Server 2003 operating systems or Windows XP Professional
Remove the “Undock PC” button from the Start Menu
If you enable this setting the “Undock PC” button is removed from the simple Start Menu and your PC cannot be undocked. If you disable this setting or do not configure it the “Undock PC” button remains on the simple Start menu and your PC can be undocked.
Remove Clock from the system notification area
Prevents the clock in the system notification area from being displayed. If you enable this setting the clock will not be displayed in the system notification area. If you disable or do not configure this setting the default behavior of the clock appearing in the notification area will occur.
Prevent grouping of taskbar items
This setting affects the taskbar buttons used to switch between running programs. Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user’s taskbar is full. If you enable this setting it prevents the taskbar from grouping items that share the same program name. By default this setting is always enabled. If you disable or do not configure it items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose.
Remove All Programs list from the Start menu
This policy setting allows you to remove the All Programs list from the Start menu. If you enable this policy setting the “All Programs” item is removed from the simple Start menu. The Start Screen will show the All Apps view but it will only contain items that are pinned to start. If you disable or do not configure this policy setting the “All Programs” item remains on the simple Start menu.
Lock the Taskbar
This setting affects the taskbar which is used to switch between running applications. The taskbar includes the Start button list of currently running tasks and the notification area. By default the taskbar is located at the bottom of the screen but it can be dragged to any side of the screen. When it is locked it cannot be moved or resized. If you enable this setting it prevents the user from moving or resizing the taskbar. While the taskbar is locked auto-hide and other taskbar options are still available in Taskbar properties. If you disable this setting or do not configure it the user can configure the taskbar position. Note: Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar’s position is locked and the user cannot show and hide various toolbars using the taskbar context menu.
Turn off notification area cleanup
This setting affects the notification area also called the “system tray. “The notification area is located in the task bar generally at the bottom of the screen and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron. "If you enable this setting the system notification area expands to show all of the notifications that use this area. If you disable this setting the system notification area will always collapse notifications. If you do not configure it the user can choose if they want notifications collapsed.
Specify communities
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. SNMP is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. A valid community is a community recognized by the SNMP service while a community is a group of hosts (servers workstations hubs and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network. If you enable this policy setting the SNMP agent only accepts requests from management systems within the communities it recognizes and only SNMP Read operation is allowed for the community. If you disable or do not configure this policy setting the SNMP service takes the Valid Communities configured on the local computer instead. Best practice: For security purposes it is recommended to restrict the HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> SNMP -> Parameters -> ValidCommunities key to allow only the local admin group full control. Note: It is good practice to use a cryptic community name. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP settings: “Specify permitted managers” and “Specify trap configuration”.
Specify permitted managers
This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer. Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. The manager is located on the host computer on the network. The manager’s role is to poll the agents for certain requested information. If you enable this policy setting the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. If you disable or do not configure this policy setting SNMP service takes the permitted managers configured on the local computer instead. Best practice: For security purposes it is recommended to restrict the HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> SNMP -> Parameters -> PermittedManagers key to allow only the local admin group full control. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP policy settings: “Specify trap configuration” and “Specify Community Name”.
Specify traps for public community
This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent. Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously. If you enable this policy setting the SNMP service sends trap messages to the hosts within the “public” community. If you disable or do not configure this policy setting the SNMP service takes the trap configuration configured on the local computer instead. Note: This setting has no effect if the SNMP agent is not installed on the client computer. Also see the other two SNMP settings: “Specify permitted managers” and “Specify Community Name”.
Allow DFS roots to be published
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). If you enable or do not configure this policy setting users can use the “Publish in Active Directory” option to publish DFS roots as shared folders in AD DS . If you disable this policy setting users cannot publish DFS roots in AD DS and the “Publish in Active Directory” option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.