Category: At least Windows Vista

This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting users cannot use the Connect to a Network Projector Wizard to connect to a projector. If you disable or do not configure this policy setting users can run the Connect to a Network Projector Wizard to connect to a projector.

This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites failing over to the try next closest site during DC Location streamlines network traffic more effectively. The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site a DC in another site which might be several site-hops away could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. If you enable this policy setting Try Next Closest Site DC Location will be turned on for the computer. If you disable this policy setting Try Next Closest Site DC Location will not be used by default for the computer. However if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly the Try Next Closest Site behavior is honored. If you do not configure this policy setting Try Next Closest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly the Next Closest Site behavior will be used.

This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). Note: To locate a remote DC based on its NetBIOS (single-label) domain name DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message. This policy setting is recommended to reduce the attack surface on a DC and can be used in an environment without WINS in an IPv6-only environment and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names. If you enable this policy setting this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location. If you disable or do not configure this policy setting this DC processes incoming mailslot messages. This is the default behavior of DC Locator.

This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4. 0. The cryptography algorithms used in Windows NT 4. 0 and earlier are not as secure as newer algorithms used in Windows 2000 or later including this version of Windows. By default Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore computers running Windows NT 4. 0 will not be able to establish a connection to this domain controller. If you enable this policy setting Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4. 0. However using the older algorithms represents a potential security risk. If you disable this policy setting Net Logon will not allow the negotiation and use of older cryptography algorithms. If you do not configure this policy setting Net Logon will not allow the negotiation and use of older cryptography algorithms.

This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6 the returned DC IP address was IPv4. But with the support of IPv6 the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios. By default DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed this policy can be used to enable the default behavior. If you enable this policy setting DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator. If you disable this policy setting DC Locator APIs will ONLY return IPv4 DC address if any. So if the domain controller supports both IPv4 and IPv6 addresses DC Locator APIs will return IPv4 address. But if the domain controller supports only IPv6 address then DC Locator APIs will fail. If you do not configure this policy setting DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.

This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator. The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running DC Locator will continue to return it. If a new domain controller is introduced existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain controller entries. If you enable this policy setting DC Locator on the machine will carry out Force Rediscovery periodically according to the configured time interval. The minimum time interval is 3600 seconds (1 hour) to avoid excessive network traffic from rediscovery. The maximum allowed time interval is 4294967200 seconds while any value greater than 4294967 seconds (~49 days) will be treated as infinity. If you disable this policy setting Force Rediscovery will be used by default for the machine at every 12 hour interval. If you do not configure this policy setting Force Rediscovery will be used by default for the machine at every 12 hour interval unless the local machine setting in the registry is a different value.

This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:Prompt for Resolution: Detection troubleshooting and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog box when application reinstallation is required. This is the default recovery behavior on Windows client. Silent: Detection troubleshooting and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be re-installed. This behavior is recommended for headless operation and is the default recovery behavior on Windows server. Troubleshooting Only: Detection and verification of file corruption will be performed without UI. Recovery is not attempted. If you enable this policy setting the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client) Silent (default on Windows server) or Troubleshooting Only. If you disable this policy setting the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted. If you do not configure this policy setting the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh. Note: This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.

This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. For some problems MSDT may prompt the user to download additional tools for troubleshooting. These tools are required to completely troubleshoot the problem. If tool download is restricted it may not be possible to find the root cause of the problem. If you enable this policy setting for remote troubleshooting MSDT prompts the user to download additional tools to diagnose problems on remote computers only. If you enable this policy setting for local and remote troubleshooting MSDT always prompts for additional tool downloading. If you disable this policy setting MSDT never downloads tools and is unable to diagnose problems on remote computers. If you do not configure this policy setting MSDT prompts the user before downloading any additional tools. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately. This policy setting will take effect only when MSDT is enabled. This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.

This policy setting determines the execution level for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you enable this policy setting administrators can use MSDT to collect and send diagnostic data to a support professional to resolve a problem. If you disable this policy setting MSDT cannot gather diagnostic data. If you do not configure this policy setting MSDT is turned on by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.