Category: At least Windows Server 2012, Windows 8 or Windows RT

Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names. If you enable this policy setting NetBT queries will be issued for multi-label and fully qualified domain names such as “www. example. com” in addition to single-label names. If you disable this policy setting or if you do not configure this policy setting NetBT queries will only be issued for single-label names such as “example” and not for multi-label and fully qualified domain names.

Specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). If you enable this policy setting the DNS client will prefer DNS responses followed by LLMNR followed by NetBT for all networks. If you disable this policy setting or if you do not configure this policy setting the DNS client will prefer link local responses for flat name queries on non-domain networks. Note: This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.

Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received the network binding order is used to determine which response to accept. If you enable this policy setting the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail followed by NetBT queries if LLMNR queries fail. If you disable this policy setting or if you do not configure this policy setting name resolution will be optimized when issuing DNS LLMNR and NetBT queries.

Changes behavior of 3rd-party drivers to work around incompatibilities introduced between OS versions.

Changes behavior of Microsoft bus drivers to work with specific devices.

This policy setting allows you to control whether a domain user can sign in using a PIN. If you enable this policy setting a domain user can set up and sign in with a PIN. If you disable or don’t configure this policy setting a domain user can’t set up and use a PIN. Note that the user’s domain password will be cached in the system vault when using this feature.

This setting allows you to force a specific default lock screen image by entering the path (location) of the image file. This setting lets you specify the default lock screen image shown when no user is signed in and also sets the specified image as the default for all users (it replaces the inbox default image). To use this setting type the fully qualified path and name of the file that stores the default lock screen image. You can type a local path such as C: -> windows -> web -> screen -> lockscreen. jpg or a UNC path such as -> -> Server -> Share -> Corp. jpg. This can be used in conjunction with the “Prevent changing lock screen image” setting to always force the specified lock screen image to be shown. Note: This setting only applies to domain-joined machines or unconditionally in Enterprise and Server SKUs.

Prevents users from changing the look of their start menu background such as its color or accent. By default users can change the look of their start menu background such as its color or accent. If you enable this setting the user will be assigned the default start menu background and colors and will not be allowed to change them. If the “Force a specific background and accent color” policy is also set on a supported version of Windows then those colors take precedence over this policy. If the “Force a specific Start background” policy is also set on a supported version of Windows then that background takes precedence over this policy.

This policy setting allows you to control whether or not the user may alter the time before a password is required when a device that supports connected standby’s screen turns off. If you enable this policy setting a user on a device that supports connected standby may configure the amount of time after the device’s screen turns off before a password is required when waking the device. The allowable time is limited by any EAS settings or group policies that affect the maximum idle time before a device locks. In addition if a password is required when a screensaver turns on the screensaver timeout will limit the allowable options the user may choose. If you disable or don’t configure this policy setting the user cannot configure the amount of time after the device’s screen turns off before a password is required when waking the device. Instead a password will be required immediately upon the screen turning off. Note: This policy setting only applies to domain-joined devices that support connected standby.

This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy setting a domain user can’t set up or sign in with a picture password. If you disable or don’t configure this policy setting a domain user can set up and use a picture password. Note that the user’s domain password will be cached in the system vault when using this feature.