Category: At least Windows XP Professional with SP2
Restrict Internet communication
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If you enable this setting all of the the policy settings listed in the “Internet Communication settings” section are set such that their respective features cannot access the Internet. If you disable this policy setting all of the the policy settings listed in the “Internet Communication settings” section are set such that their respective features can access the Internet. If you do not configure this policy setting all of the the policy settings in the “Internet Communication settings” section are set to not configured.
Events. asp URL
This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests.
Events. asp program command line parameters
This specifies the command line parameters that will be passed to the events. asp program
Events. asp program
This is the program that will be invoked when the user clicks the events. asp link.
Define Activation Security Check exemptions
Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation security check. DCOM uses two such lists one configured via Group Policy through this policy setting and the other via the actions of local computer administrators. DCOM ignores the second list when this policy setting is configured unless the “Allow local activation security check exemptions” policy is enabled. DCOM server appids added to this policy must be listed in curly-brace format. For example: {b5dcb061-cefb-42e0-a1be-e6a6438133fe}. If you enter a non-existent or improperly formatted appid DCOM will add it to the list without checking for errors. If you enable this policy setting you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list and set its value to 1 DCOM will not enforce the Activation security check for that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local settings. If you disable this policy setting the appid exemption list defined by Group Policy is deleted and the one defined by local computer administrators is used. If you do not configure this policy setting the appid exemption list defined by local computer administrators is used. Notes:The DCOM Activation security check is done after a DCOM server process is started but before an object activation request is dispatched to the server process. This access check is done against the DCOM server’s custom launch permission security descriptor if it exists or otherwise against the configured defaults. If the DCOM server’s custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users once the DCOM server process was up and running might now fail instead. The proper action in this situation is to re-configure the DCOM server’s custom launch permission settings for correct security settings but this policy setting may be used in the short-term as an application compatibility deployment aid. DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch RemoteLaunch LocalActivate or RemoteActivate grant or deny entries for any users or groups. Also note exemptions for DCOM Server Appids added to this list will apply to both 32-bit and 64-bit versions of the server if present.
Allow local activation security check exemptions
Allows you to specify that local computer administrators can supplement the “Define Activation Security Check exemptions” list. If you enable this policy setting and DCOM does not find an explicit entry for a DCOM server application id (appid) in the “Define Activation Security Check exemptions” policy (if enabled) DCOM will look for an entry in the locally configured list. If you disable this policy setting DCOM will not look in the locally configured DCOM activation security check exemption list. If you do not configure this policy setting DCOM will only look in the locally configured exemption list if the “Define Activation Security Check exemptions” policy is not configured.
Inclusion list for moderate risk file types
This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone Windows prompts the user before accessing the file. This inclusion list overrides the list of potentially high-risk file types built into Windows and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an extension is listed in more than one inclusion list). If you enable this policy setting you can specify file types which pose a moderate risk. If you disable this policy setting Windows uses its default trust logic. If you do not configure this policy setting Windows uses its default trust logic.
Inclusion list for low file types
This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types Windows will not prompt the user before accessing the file regardless of the file’s zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list). If you enable this policy setting you can specify file types that pose a low risk. If you disable this policy setting Windows uses its default trust logic. If you do not configure this policy setting Windows uses its default trust logic.
Inclusion list for high risk file types
This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone Windows blocks the user from accessing the file. If the file is from the Internet zone Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list). If you enable this policy setting you can create a custom list of high-risk file types. If you disable this policy setting Windows uses its built-in list of file types that pose a high risk. If you do not configure this policy setting Windows uses its built-in list of high-risk file types.
Default risk level for file attachments
This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments you may also need to configure the trust logic for file attachments. High Risk: If the attachment is in the list of high-risk file types and is from the restricted zone Windows blocks the user from accessing the file. If the file is from the Internet zone Windows prompts the user before accessing the file. Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone Windows prompts the user before accessing the file. Low Risk: If the attachment is in the list of low-risk file types Windows will not prompt the user before accessing the file regardless of the file’s zone information. If you enable this policy setting you can specify the default risk level for file types. If you disable this policy setting Windows sets the default risk level to moderate. If you do not configure this policy setting Windows sets the default risk level to moderate.