Category: At least Windows Server 2008 R2 or Windows 7

This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device. If you enable this policy setting only USB root hub connected Enhanced Storage devices are allowed. If you disable or do not configure this policy setting USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.

This policy setting configures whether or not Windows will activate an Enhanced Storage device. If you enable this policy setting Windows will not activate unactivated Enhanced Storage devices. If you disable or do not configure this policy setting Windows will activate unactivated Enhanced Storage devices.

This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device. If you enable this policy setting a password cannot be used to unlock an Enhanced Storage device. If you disable or do not configure this policy setting a password can be used to unlock an Enhanced Storage device.

This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab). If you disable or do not configure this policy setting the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.

This policy setting allows you to specify the search server that Windows uses to find updates for device drivers. If you enable this policy setting you can select whether Windows searches Windows Update (WU) searches a Managed Server or a combination of both. Note that if both are specified then Windows will first search the Managed Server such as a Windows Server Update Services (WSUS) server. Only if no update is found will Windows then also search Windows Update. If you disable or do not configure this policy setting members of the Administrators group can determine the server used in the search for device drivers.

This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting you can select whether Windows searches for drivers on Windows Update unconditionally only if necessary or not at all. Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device even if the network is temporarily available. If the setting for searching only if needed is specified then Windows will search for a driver only if a driver is not locally available on the system. If you disable or do not configure this policy setting members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.

Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature. If you enable this policy setting Windows will not send an error report to request additional software even if this is specified by the device driver. If you disable or do not configure this policy setting Windows sends an error report when a device driver that requests additional software is installed.

This policy setting prevents redirection of specific USB devices. If you enable this setting an alternate driver for the USB device cannot be loaded. If you disable or do not configure this setting an alternate driver for the USB device can be loaded.

This policy setting prevents redirection of USB devices. If you enable this setting an alternate driver for USB devices cannot be loaded. If you disable or do not configure this setting an alternate driver for USB devices can be loaded.

This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies. If you enable this policy setting set the amount of seconds you want the system to wait until a reboot. If you disable or do not configure this policy setting the system does not force a reboot. Note: If no reboot is forced the device installation restriction right will not take effect until the system is restarted.