Category: Windows Server 2003, Windows XP and Windows 2000 only

Prevents users from submitting alternate logon credentials to install a program. This setting suppresses the “Install Program As Other User” dialog box for local and network installations. This dialog box which prompts the current user for the user name and password of an administrator appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials. Many programs can be installed only by an administrator. If you enable this setting and a user does not have sufficient permissions to install a program the installation continues with the current user’s logon credentials. As a result the installation might fail or it might complete but not include all features. Or it might appear to complete successfully but the installed program might not operate correctly. If you disable this setting or do not configure it the “Install Program As Other User” dialog box appears whenever users install programs locally on the computer. By default users are not prompted for alternate logon credentials when installing programs from a network share. If enabled this setting overrides the “Request credentials for network installations” setting.

This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window such as My Computer and Network Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows such as the Internet Explorer window. If you disable or do not configure this policy setting the Search button is available from the File Explorer toolbar. This policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu use the “Remove Search menu from Start menu” policy setting (in User Configuration -> Administrative Templates -> Start Menu and Taskbar). To hide all context menus use the “Remove File Explorer’s default context menu” policy setting.

This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows menus and lists. If you enable this policy setting the “Use transition effects for menus and tooltips” option in Display in Control Panel is disabled and cannot be toggled by users. Effects such as animation are designed to enhance the user’s experience but might be confusing or distracting to some users. If you disable or do not configure this policy setting users are allowed to turn on or off these minor system animations using the “Use transition effects for menus and tooltips” option in Display in Control Panel.

Disables the “Hide keyboard navigation indicators until I use the ALT key” option in Display in Control Panel. When this Display Properties option is selected the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT. Effects such as transitory underlines are designed to enhance the user’s experience but might be confusing or distracting to some users.

Removes all computers outside of the user’s workgroup or local domain from lists of network resources in File Explorer and Network Locations. If you enable this setting the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option. This setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods such as by typing the share name in the Run dialog box or the Map Network Drive dialog box. To remove computers in the user’s workgroup or domain from lists of network resources use the “No Computers Near Me in Network Locations” setting. Note: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

This policy setting restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in Windows NT 4. 0 and earlier. Along with %HOMEDRIVE% these variables define the home directory of a user profile. The home directory is a persistent mapping of a drive letter on the local computer to a local or remote directory. If you enable this policy setting the system uses the Windows NT 4. 0 definitions. %HOMESHARE% stores only the network share (such as -> -> server -> share). %HOMEPATH% stores the remainder of the fully qualified path to the home directory (such as -> dir1 -> dir2 -> homedir). As a result users can access any directory on the home share by using the home directory drive letter. If you disable or do not configure this policy setting the system uses the definitions introduced with Windows 2000. %HOMESHARE% stores the fully qualified path to the home directory (such as -> -> server -> share -> dir1 -> dir2 -> homedir). Users can access the home directory and any of its subdirectories from the home drive letter but they cannot see or access its parent directories. %HOMEPATH% stores a final backslash and is included for compatibility with earlier systems.

Prevents users from creating new tasks. This setting removes the Add Scheduled Task item that starts the New Task Wizard. Also the system does not respond when users try to move paste or drag programs or documents into the Scheduled Tasks folder. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured the setting in Computer Configuration takes precedence over the setting in User Configuration. Important: This setting does not prevent administrators of a computer from using At. exe to create new tasks or prevent administrators from submitting tasks from remote computers.