Category: At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
Leave Windows Installer and Group Policy Software Installation Data
This policy setting determines whether the system retains a roaming user’s Windows Installer and Group Policy based software installation data on their profile deletion. By default Windows deletes all information related to a roaming user (which includes the user’s settings data Windows Installer related data and the like) when their profile is deleted. As a result the next time a roaming user whose profile was previously deleted on that client logs on they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior. If you enable this policy setting Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine. If you disable or do not configure this policy setting Windows will delete the entire profile for roaming users including the Windows Installer and Group Policy software installation data when those profiles are deleted. Note: If this policy setting is enabled for a machine local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users’ profiles on the machine.
Do not allow passwords to be saved
Controls whether a user can save passwords using Remote Desktop Connection. If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not configured the user will be able to save passwords using Remote Desktop Connection
Do not allow passwords to be saved
Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not configured the user will be able to save passwords using Remote Desktop Connection.
Set RD Gateway authentication method
Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default when you enable this policy setting it is enforced. When this policy setting is enforced users cannot override this setting even if they select the “Use these RD Gateway server settings” option on the client. To allow users to overwrite this policy setting select the “Allow users to change this setting” check box. When you do this users can specify an alternate authentication method by configuring settings on the client using an RDP file or using an HTML script. If users do not specify an alternate authentication method the authentication method that you specify in this policy setting is used by default. If you disable or do not configure this policy setting the authentication method that is specified by the user is used if one is specified. If an authentication method is not specified the NTLM protocol that is enabled on the client or a smart card can be used for authentication.
Enable connection through RD Gateway
If you enable this policy setting when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled) the clients will attempt to connect to the remote computer through an RD Gateway server. In this case the clients will attempt to connect to the RD Gateway server that is specified in the “Set RD Gateway server address” policy setting. You can enforce this policy setting or you can allow users to overwrite this setting. By default when you enable this policy setting it is enforced. When this policy setting is enforced users cannot override this setting even if they select the “Use these RD Gateway server settings” option on the client. Note: To enforce this policy setting you must also specify the address of the RD Gateway server by using the “Set RD Gateway server address” policy setting or client connection attempts to any remote computer will fail if the client cannot connect directly to the remote computer. To enhance security it is also highly recommended that you specify the authentication method by using the “Set RD Gateway authentication method” policy setting. If you do not specify an authentication method by using this policy setting either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting select the “Allow users to change this setting” check box. When you do this users on the client can choose not to connect through the RD Gateway server by selecting the “Do not use an RD Gateway server” option. Users can specify a connection method by configuring settings on the client using an RDP file or using an HTML script. If users do not specify a connection method the connection method that you specify in this policy setting is used by default. If you disable or do not configure this policy setting clients will not use the RD Gateway server address that is specified in the “Set RD Gateway server address” policy setting. If an RD Gateway server is specified by the user a client connection attempt will be made through that RD Gateway server.
Set RD Gateway server address
Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default when you enable this policy setting it is enforced. When this policy setting is enforced users cannot override this setting even if they select the “Use these RD Gateway server settings” option on the client. Note: It is highly recommended that you also specify the authentication method by using the “Set RD Gateway authentication method” policy setting. If you do not specify an authentication method by using this setting either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwrite the “Set RD Gateway server address” policy setting and connect to another RD Gateway server you must select the “Allow users to change this setting” check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client using an RDP file or using an HTML script. If users do not specify an alternate RD Gateway server the server that you specify in this policy setting is used by default. Note: If you disable or do not configure this policy setting but enable the “Enable connections through RD Gateway” policy setting client connection attempts to any remote computer will fail if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user a client connection attempt will be made through that RD Gateway server.
Turn off Search Companion content file updates
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches. When users search the local computer or the Internet Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used to format and display results. If you enable this policy setting Search Companion does not download content updates during searches. If you disable or do not configure this policy setting Search Companion downloads content updates unless the user is using Classic Search. Note: Internet searches still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off the Search Companion feature completely.
Turn off downloading of print drivers over HTTP
This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing non-inbox drivers need to be downloaded over HTTP. Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally. If you enable this policy setting print drivers cannot be downloaded over HTTP. If you disable or do not configure this policy setting users can download print drivers over HTTP.
Turn off Event Viewer “Events. asp” links
This policy setting specifies whether “Events. asp” hyperlinks are available for events within the Event Viewer application. The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition “More Information” is placed at the end of the description text if the event is created by a Microsoft component. This text contains a link (URL) that if clicked sends information about the event to Microsoft and allows users to learn more about why that event occurred. If you enable this policy setting event description hyperlinks are not activated and the text “More Information” is not displayed at the end of the description. If you disable or do not configure this policy setting the user can click the hyperlink which prompts the user and then sends information about the event over the Internet to Microsoft. Also see “Events. asp URL” “Events. asp program” and “Events. asp Program Command Line Parameters” settings in “Administrative Templates/Windows Components/Event Viewer”.
Turn off Internet Connection Wizard if URL connection is referring to Microsoft. com
This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this policy setting the “Choose a list of Internet Service Providers” path in the Internet Connection Wizard causes the wizard to exit. This prevents users from retrieving the list of ISPs which resides on Microsoft servers. If you disable or do not configure this policy setting users can connect to Microsoft to download a list of ISPs for their area.