Category: At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1

When running in restricted mode participating apps do not expose credentials to remote computers (regardless of the delegation method). Restricted mode may limit access to resources located on other servers or networks beyond the target computer because credentials are not delegated. Participating apps:Remote Desktop ClientIf you enable this policy setting restricted mode is enforced and participating apps will not delegate credentials to remote computers. If you disable or do not configure this policy setting restricted mode is not enforced and participating apps can delegate credentials to remote computers. Note: To disable most credential delegation it may be sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Computer Configuration -> Administrative Templates -> System -> Credentials Delegation).

Forces the Start screen to use one of the available backgrounds 1 through 20 and prevents the user from changing it. If this setting is set to zero or not configured then Start uses the default background and users can change it. If this setting is set to a nonzero value then Start uses the specified background and users cannot change it. If the specified background is not supported the default background is used.

Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB. By default users can change the background and accent colors. If this setting is enabled the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.

Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By default users can enable invocation of an available camera on the lock screen. If you enable this setting users will no longer be able to enable or disable lock screen camera access in PC Settings and the camera cannot be invoked on the lock screen.

Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default users can enable a slide show that will run after they lock the machine. If you enable this setting users will no longer be able to modify slide show settings in PC Settings and no slide show will ever start.

This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688 “a new process has been created” on the workstations and servers on which this policy setting is applied. If you disable or do not configure this policy setting the process’s command line information will not be included in Audit Process Creation events. Default: Not configuredNote: When this policy setting is enabled any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.

This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer. If you enable this policy setting you can define additional Content URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use. If you disable or don’t set this policy setting Windows Store apps will only use the static Content URI Rules.