Category: At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
Request compound authentication
This policy setting allows you to configure a domain controller to request compound authentication. Note: For a domain controller to request compound authentication the policy “KDC support for claims compound authentication and Kerberos armoring” must be configured and enabled. If you enable this policy setting domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or do not configure this policy setting domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration.
Configure Logon Script Delay
Enter “0” to disable Logon Script Delay. This policy setting allows you to configure how long the Group Policy client waits after logon before running scripts. By default the Group Policy client waits five minutes before running logon scripts. This helps create a responsive desktop environment by preventing disk contention. If you enable this policy setting Group Policy will wait for the specified amount of time before running logon scripts. If you disable this policy setting Group Policy will run scripts immediately after logon. If you do not configure this policy setting Group Policy will wait five minutes before running logon scripts.
Enable Group Policy Caching for Servers
This policy setting allows you to configure Group Policy caching behavior on Windows Server machines. If you enable this policy setting Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode it refers to this cache which enables it to run faster. When the cache is read Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode it continues to download the latest version of the policy information and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior. ) The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. If you disable or do not configure this policy setting the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior. )
Configure Group Policy Caching
This policy setting allows you to configure Group Policy caching behavior. If you enable or do not configure this policy setting Group Policy caches policy information after every background processing session. This cache saves applicable GPOs and the settings contained within them. When Group Policy runs in synchronous foreground mode it refers to this cache which enables it to run faster. When the cache is read Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background mode or asynchronous foreground mode it continues to download the latest version of the policy information and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior. ) The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds. If you disable this policy setting the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior. )
Allow Windows Runtime apps to revoke enterprise data
Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID) but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise add an entry to the list on a new line that contains the enterprise identifier separated by a comma and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. Example value: Contoso. comContosoIT. HumanResourcesApp_m5g0r7arhahqy If you enable this policy setting the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device. If you disable or do not configure this policy setting the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app. Any other Windows Runtime application will only be able to revoke access to content it protected. Note: File revocation applies to all content protected under the same second level domain as the provided enterprise identifier. So revoking an enterprise ID of mail. contoso. com will revoke the user’s access to all content protected under the contoso. com hierarchy.
Automatically send memory dumps for OS-generated error reports
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products or additional data other than memory dumps. If you enable or do not configure this policy setting any memory dumps generated for error reports by Microsoft Windows are automatically uploaded without notification to the user. If you disable this policy setting then all memory dumps are uploaded according to the default consent and notification settings.
Automatically send memory dumps for OS-generated error reports
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products or additional data other than memory dumps. If you enable or do not configure this policy setting any memory dumps generated for error reports by Microsoft Windows are automatically uploaded without notification to the user. If you disable this policy setting then all memory dumps are uploaded according to the default consent and notification settings.
Disable help tips
Disables help tips that Windows shows to the user. By default Windows will show the user help tips until the user has successfully completed the scenarios. If this setting is enabled Windows will not show any help tips to the user.
Disable help tips
Disables help tips that Windows shows to the user. By default Windows will show the user help tips until the user has successfully completed the scenarios. If this setting is enabled Windows will not show any help tips to the user.
Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X
This policy setting allows you to prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key + X. If you enable this policy setting the Command Prompt will always be listed in that menu and users won’t be able to replace it with Windows PowerShell. Users will still be able to access Windows PowerShell but not from that menu. If you disable or don’t configure this policy setting Command Prompt will be listed in the menu by default and users can configure this setting.