Category: At least Windows Server 2012, Windows 8 or Windows RT
Private network ranges for apps
This setting does not apply to desktop apps. A comma-separated list of IP address ranges that are in your corporate network. If you enable this policy setting, it ensures that apps with the Home/Work Networking capability have appropriate access to your corporate network. These addresses are accessible to an app if and only if the app has declared the Home/Work Networking capability. Windows Network Isolation attempts to automatically discover private network hosts. By default, the addresses configured with this policy setting are merged with the hosts that are declared as private through automatic discovery. To ensure that these addresses are the only addresses ever classified as private, enable the “Subnet definitions are authoritative” policy setting. If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts. Example: 3efe:1092::/96,18.1.1.1/10 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
Intranet proxy servers for apps
This setting does not apply to desktop apps. A semicolon-separated list of intranet proxy server IP addresses. These addresses are categorized as private by Windows Network Isolation and are accessible to apps that have the Home/Work Networking capability. If you enable this policy setting, it allows an administrator to configure a set of proxies that provide access to intranet resources. If you disable or do not configure this policy setting, Windows Network Isolation attempts to discover proxies and configures them as Internet nodes. This setting should NOT be used to configure Internet proxies. Example: [3efe:3022::1000]; 18.0.0.1; 18.0.0.2 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
Internet proxy servers for apps
This setting does not apply to desktop apps. A semicolon-separated list of Internet proxy server IP addresses. These addresses are categorized as Internet by Windows Network Isolation and are accessible to apps that have the Internet Client or Internet Client/Server capabilities. If you enable this policy setting, apps on proxied networks can access the Internet without relying on the Private Network capability. However, in most situations Windows Network Isolation will be able to correctly discover proxies. By default, any proxies configured with this setting are merged with proxies that are auto-discovered. To make this policy configuration the sole list of allowed proxies, enable the “Proxy definitions are authoritative” setting. If you disable or do not configure this policy setting, apps will use the Internet proxies auto-discovered by Windows Network Isolation. Example: [3efe:3022::1000];18.0.0.1;18.0.0.2 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
Use urgent mode when pinging domain controllers
This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC). When an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment by pinging DCs at a higher frequency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once all DCs are running the same OS version. The allowable values for this setting result in the following behaviors: 1 – Computers will ping DCs at the normal frequency. 2 – Computers will ping DCs at the higher frequency. To specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2. If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.
Specify address lookup behavior for DC locator ping
This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site. Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses, which may then be used to compute a matching site for the client. The allowable values for this setting result in the following behaviors: 0 – DCs will never perform address lookups. 1 – DCs will perform an exhaustive address lookup to discover additional client IP addresses. 2 – DCs will perform a fast DNS-only address lookup to discover additional client IP addresses. To specify this behavior in the DC Locator DNS SRV records, click Enabled and then enter a value. The range of values is from 0 to 2. If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails
This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism. NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended. Note that this policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known. If you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior. If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails.
Specify passive polling
This policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack at frequent intervals to determine if network connectivity has been lost. Use the options to control the passive polling behavior.
Turn off app notifications on the lock screen
This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
Enumerate local users on domain-joined computers
This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, the Logon UI will enumerate all local users on domain-joined computers. If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
Do not enumerate connected users on domain-joined computers
This policy setting prevents connected users from being enumerated on domain-joined computers. If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers. If you disable or do not configure this policy setting, connected users will be enumerated on domain-joined computers.