Windows 8 and Windows 8.1 New Group Policy Settings

Windows 8 and Windows 8.1 New Group Policy Settings

  • Comments 21
  • Likes

Windows 8 RTM

For full details, download the following file

image

 Policy Setting Name 
 
 Allow all trusted apps to install 
 Allow deployment operations in special profiles 
 Block launching desktop apps associated with a file. 
 Block launching desktop apps associated with a protocol 
 Block launching desktop apps associated with a file. 
 Block launching desktop apps associated with a protocol 
 Do not display the lock screen 
 Prevent changing lock screen image 
 Prevent changing start menu background 
 Turn on PIN sign-in 
 Turn off picture password sign-in 
 Do not display the password reveal button 
 Do not display the password reveal button 
 Device compatibility settings 
 Driver compatibility settings 
 Specify the search server for device driver updates 
 Turn off smart multi-homed name resolution 
 Turn off smart protocol reordering 
 Allow NetBT queries for fully qualified domain names 
 Prefer link local responses over DNS when received over a network with higher precedence 
 Turn off IDN encoding 
 IDN mapping 
 Use solid color for Start background 
 Turn on misconversion logging for misconversion report 
 Turn off saving auto-tuning data to file 
 Turn off history-based predictive input 
 Turn off Open Extended Dictionary 
 Turn off Internet search integration 
 Turn off custom dictionary 
 Restrict character code range of conversion 
 Do not include Non-Publishing Standard Glyph in the candidate list 
 Boot-Start Driver Initialization Policy 
 Turn off switching between recent apps 
 Turn off tracking of app usage 
 Do not allow Windows to activate Enhanced Storage devices 
 Do not throttle additional data 
 Send additional data when on battery power 
 Send data when on connected to a restricted/costed network 
 Do not throttle additional data 
 Send additional data when on battery power 
 Send data when on connected to a restricted/costed network 
 Windows To Go Default Startup Options 
 Allow hibernate (S4) when starting from a Windows To Go workspace 
 Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace 
 Turn off File History 
 Configure maximum age of file server shadow copies 
 Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers. 
 Enable / disable TXF deprecated features 
 Enable optimized move of contents in Offline Files cache on Folder Redirection server path change 
 Redirect folders on primary computers only 
 Redirect folders on primary computers only 
 Turn off offer text predictions as I type 
 Turn off insert a space after selecting a text prediction 
 Turn off autocorrect misspelled words 
 Turn off highlight misspelled words 
 Disallow copying of user input methods to the system account for sign-in 
 Block clean-up of unused language packs 
 Enable AD/DFS domain controller synchronization during policy refresh 
 Turn off Group Policy Client Service AOAC optimization 
 Configure Direct Access connections as a fast network connection 
 Change Group Policy processing to run asynchronously when a slow network connection is detected. 
 Configure Group Policy slow link detection 
 Specify workplace connectivity wait time for policy processing 
 Enable Hotspot Authentication 
 Turn off access to the Store 
 Turn off access to the Store 
 Turn off flip ahead feature 
 Turn on Enhanced Protected Mode 
 Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled 
 Always send Do Not Track header 
 Turn off encryption support 
 Show Content Advisor on Internet Options 
 Go to an intranet site for a one-word entry in the Address bar 
 Install binaries signed by MD2 and MD4 signing technologies 
 Prevent managing SmartScreen Filter 
 Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet 
 Turn off browser geolocation 
 Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects 
 Automatically activate newly installed add-ons 
 Turn off add-on performance notifications 
 Turn on ActiveX Filtering 
 Prevent deleting download history 
 Prevent deleting ActiveX Filtering and Tracking Protection data 
 Allow Internet Explorer 8 shutdown behavior 
 Specify default behavior for a new tab 
 Notify users if Internet Explorer is not the default web browser 
 Turn off URL Suggestions 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Allow Internet Explorer to play media files that use alternative codecs 
 Prevent configuration of top-result search on Address bar 
 Do not display the reveal password button 
 Turn off the WebSocket Object 
 Set the maximum number of WebSocket connections per server 
 Display tabs on a separate row 
 Establish InPrivate Filtering threshold 
 Establish Tracking Protection threshold 
 Turn off Tracking Protection 
 Use Policy List of Quirks Mode sites 
 Turn off ability to pin sites in Internet Explorer on the desktop 
 Set default storage limits for websites 
 Allow websites to store indexed databases on client computers 
 Set indexed database storage limits for individual domains 
 Set maximum indexed database storage limit for all domains 
 Allow websites to store application caches on client computers 
 Set application cache storage limits for individual domains 
 Set maximum application caches storage limit for all domains 
 Set application caches expiration time limit for individual domains 
 Set maximum application cache resource list size 
 Set maximum application cache individual resource size 
 Start Internet Explorer with tabs from last browsing session 
 Open Internet Explorer tiles on the desktop 
 Set how links are opened in Internet Explorer 
 Turn off flip ahead feature 
 Turn on Enhanced Protected Mode 
 Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled 
 Always send Do Not Track header 
 Show Content Advisor on Internet Options 
 Go to an intranet site for a one-word entry in the Address bar 
 Install binaries signed by MD2 and MD4 signing technologies 
 Prevent managing SmartScreen Filter 
 Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet 
 Disable Import/Export Settings wizard 
 Turn off browser geolocation 
 Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects 
 Automatically activate newly installed add-ons 
 Turn off add-on performance notifications 
 Turn on ActiveX Filtering 
 Prevent deleting download history 
 Prevent deleting ActiveX Filtering and Tracking Protection data 
 Allow Internet Explorer 8 shutdown behavior 
 Specify default behavior for a new tab 
 Disable changing secondary home page settings 
 Turn off URL Suggestions 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Render legacy filters 
 Enable dragging of content from different domains within a window 
 Enable dragging of content from different domains across windows 
 Turn off Print Menu 
 Allow Internet Explorer to play media files that use alternative codecs 
 Prevent configuration of search on Address bar 
 Prevent configuration of top-result search on Address bar 
 Do not display the reveal password button 
 Turn off the WebSocket Object 
 Set the maximum number of WebSocket connections per server 
 Display tabs on a separate row 
 Turn on Suggested Sites 
 Establish InPrivate Filtering threshold 
 Establish Tracking Protection threshold 
 Turn off Tracking Protection 
 Use Policy List of Quirks Mode sites 
 Turn off ability to pin sites in Internet Explorer on the desktop 
 Set default storage limits for websites 
 Allow websites to store indexed databases on client computers 
 Set indexed database storage limits for individual domains 
 Set maximum indexed database storage limit for all domains 
 Allow websites to store application caches on client computers 
 Set application cache storage limits for individual domains 
 Set maximum application caches storage limit for all domains 
 Set application caches expiration time limit for individual domains 
 Set maximum application cache resource list size 
 Set maximum application cache individual resource size 
 Start Internet Explorer with tabs from last browsing session 
 Open Internet Explorer tiles on the desktop 
 Set how links are opened in Internet Explorer 
 Install new versions of Internet Explorer automatically 
 KDC support for claims, compound authentication and Kerberos armoring 
 Warning for large Kerberos tickets 
 Specify KDC proxy servers for Kerberos clients 
 Disable revocation checking for the SSL certificate of KDC proxy servers 
 Fail authentication requests when Kerberos armoring is not available 
 Support compound authentication 
 Set maximum Kerberos SSPI context token buffer size 
 Kerberos client support for claims, compound authentication and Kerberos armoring 
 Hash Version support for BranchCache 
 Turn off Windows Location Provider 
 Show first sign-in animation 
 Do not enumerate connected users on domain-joined computers 
 Enumerate local users on domain-joined computers 
 Turn off app notifications on the lock screen 
 Automatic Maintenance Activation Boundary 
 Automatic Maintenance Random Delay 
 Automatic Maintenance WakeUp Policy 
 Turn off shared components 
 Prevent embedded UI 
 Support Email Address 
 Friendly Name 
 User Interface 
 Prefer Local Names Allowed 
 DirectAccess Passive Mode 
 Corporate Resources 
 IPsec Tunnel Endpoints 
 Custom Commands 
 Specify passive polling 
 Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails 
 Specify address lookup behavior for DC locator ping 
 Use urgent mode when pinging domain controllers 
 Internet proxy servers for apps 
 Intranet proxy servers for  apps 
 Private network ranges for  apps 
 Proxy definitions are authoritative 
 Subnet definitions are authoritative 
 Remove "Work offline" command 
 Remove "Work offline" command 
 Enable file synchronization on costed networks 
 Detect compatibility issues for applications and drivers 
 Enable Automatic Hosted Cache Discovery by Service Connection Point 
 Configure Client BranchCache Version Support 
 Configure Hosted Cache Servers 
 Set age for segments in the data cache 
 Turn on Module Logging 
 Set the default source path for Update-Help 
 Turn on Module Logging 
 Set the default source path for Update-Help 
 Isolate print drivers from applications 
 Always rasterize content to be printed using a software rasterizer 
 Do not allow v4 printer drivers to show printer extensions 
 Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps) 
 Turn off storage and display of search history 
 Always use automatic language detection when indexing content and properties 
 Do not sync 
 Do not sync app settings 
 Do not sync passwords 
 Do not sync personalize 
 Do not sync other Windows settings 
 Do not sync desktop personalization 
 Do not sync browser settings 
 Do not sync on metered connections 
 File Classification Infrastructure: Display Classification tab in File Explorer 
 File Classification Infrastructure: Specify classification properties list 
 Enable access-denied assistance on client for all file types 
 Clear history of tile notifications on exit 
 Prevent users from uninstalling applications from Start 
 Show "Run as different user" command on Start 
 Do not allow taskbars on more than one display 
 Set IP Stateless Autoconfiguration Limits State 
 Specify default connection URL 
 Limit maximum display resolution 
 Suspend user sign-in to complete app registration 
 Configure image quality for RemoteFX Adaptive Graphics 
 Configure RemoteFX Adaptive Graphics 
 Allow RDP redirection of other supported RemoteFX USB devices from this computer 
 Configure RemoteFX 
 Optimize visual experience when using RemoteFX 
 Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1 
 Select network detection on the server 
 Select RDP transport protocols 
 Turn Off UDP On Client 
 Turn off Fair Share CPU Scheduling 
 Use the hardware default graphics adapter for all Remote Desktop Services sessions 
 Configure image quality for RemoteFX Adaptive Graphics 
 Configure RemoteFX Adaptive Graphics 
 Enable Remote Desktop Protocol 8.0 
 Select network detection on the server 
 Select RDP transport protocols 
 Turn Off UDP On Client 
 Turn on TPM backup to Active Directory Domain Services 
 Configure the level of TPM owner authorization information available to the operating system 
 Standard User Lockout Duration 
 Standard User Individual Lockout Threshold 
 Standard User Total Lockout Threshold 
 User management of sharing user name, account picture, and domain information with apps (not desktop apps) 
 Download roaming profiles on primary computers only 
 Set user home folder 
 Choose drive encryption method and cipher strength 
 Configure use of passwords for operating system drives 
 Reset platform validation data after BitLocker recovery 
 Disallow standard users from changing the PIN or password 
 Use enhanced Boot Configuration Data validation profile 
 Enforce drive encryption type on operating system drives 
 Allow network unlock at startup 
 Enable use of BitLocker authentication requiring preboot keyboard input on slates 
 Allow Secure Boot for integrity validation 
 Enforce drive encryption type on fixed data drives 
 Enforce drive encryption type on removable data drives 
 Prohibit connection to non-domain networks when connected to domain authenticated network 
 Minimize the number of simultaneous connections to the Internet or a Windows Domain 
 Prohibit connection to roaming Mobile Broadband networks 
 Disable power management in connected standby mode 
 Location where all default Library definition files for users/machines reside. 
 Start File Explorer with ribbon minimized 
 Location where all default Library definition files for users/machines reside. 
 Configure Windows SmartScreen 
 Show lock in the user tile menu 
 Show sleep in the power options menu 
 Show hibernate in the power options menu 
 Do not show the 'new application installed' notification 
 Start File Explorer with ribbon minimized 
 Set a default associations configuration file 
 Allow the use of remote paths in file shortcut icons 
 Disallow WinRM from storing RunAs credentials 
 Require use of fast startup 
 Turn off the Store application 
 Turn off the Store application 
 Allow Store to install apps on Windows To Go workspaces 
 Turn off Automatic Download of updates 
 Set Cost 
 Turn off tile notifications 
 Turn off toast notifications 
 Turn off toast notifications on the lock screen 
 Turn off notifications network usage 
 Set 3G Cost 
 Set 4G Cost 

Windows 8.1

For full details, download the following file

image

 Policy Setting Name 
 
 Allow development of Windows Store apps without installing a developer license 
 Prevent enabling lock screen slide show 
 Prevent enabling lock screen camera 
 Force a specific background and accent color 
 Force a specific Start background 
 Force a specific default lock screen image 
 Allow users to select when a password is required when resuming from connected standby 
 Restrict delegation of credentials to remote servers 
 Prevent adding
 App switching 
 Charms 
 WinX 
 Automatically send memory dumps for OS-generated error reports 
 Automatically send memory dumps for OS-generated error reports 
 Configure Group Policy Caching 
 Configure Logon Script Delay 
 Turn off loading websites and content in the background to optimize performance 
 Turn on the swiping motion on Internet Explorer for the desktop 
 Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows 
 Allow Internet Explorer to use the SPDY/3 network protocol 
 Turn off phone number detection 
 Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Turn off loading websites and content in the background to optimize performance 
 Turn on the swiping motion on Internet Explorer for the desktop 
 Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows 
 Allow Internet Explorer to use the SPDY/3 network protocol 
 Turn off phone number detection 
 Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Don't run antimalware programs against ActiveX controls 
 Prevent deleting ActiveX Filtering
 Prevent deleting ActiveX Filtering
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 Allow cut
 KDC support for claims
 Kerberos client support for claims
 Automatic Maintenance Random Delay 
 Use DNS name resolution when a single-label domain name is used
 At logoff
 Run Windows PowerShell scripts first at computer startup
 Run Windows PowerShell scripts first at user logon
 Run Windows PowerShell scripts first at user logon
 Disable indexing of removable drives 
 Don't search the web or display web results in Search 
 Don't search the web or display web results in Search over metered connections 
 Set what information is shared in Search 
 Set the SafeSearch setting for Search 
 Do not sync Apps 
 Do not sync start settings 
 
 
 
 Pin Apps to Start when installed 
 Start Screen Layout 
 Default 
 Default app 
 Default search 
 Sort 
 Multimon 
 Pin Apps to Start when installed 
 Start Screen Layout 
 Remove and prevent access to the Shut Down
 For tablet pen input
 For tablet pen input
 For touch input
 For touch input
 Include rarely used Chinese
 Include rarely used Chinese
 Set remote control session UAC desktop 
 Use advanced RemoteFX graphics for RemoteApp 
 Set remote control session UAC desktop 
 Set remote control permission request timeout 
 Enable Remote Desktop Protocol 8.0 
 User management of sharing user name
 Choose drive encryption method and cipher strength (Windows Vista
 Configure TPM platform validation profile (Windows Vista
 Allow antimalware service to startup with normal priority 
 Turn on virus definitions 
 Configure local administrator merge behavior for lists 
 Define addresses to bypass proxy server 
 Define proxy server for connecting to the network 
 Randomize scheduled task times 
 Allow antimalware service to remain running always 
 Extension Exclusions 
 Path Exclusions 
 Process Exclusions 
 Turn on protocol recognition 
 Turn on definition retirement 
 Define the rate of detection events for logging 
 IP address range Exclusions 
 Port number  Exclusions 
 Process Exclusions for outbound traffic 
 Threat ID Exclusions 
 Specify additional definition sets for network traffic inspection 
 Configure local setting override for the removal of items from Quarantine folder 
 Configure removal of items from Quarantine folder 
 Turn on behavior monitoring 
 Turn on Information Protection Control 
 Turn on network protection against exploits of known vulnerabilities 
 Scan all downloaded files and attachments 
 Monitor file and program activity on your computer 
 Turn on raw volume write notifications 
 Turn on process scanning whenever real-time protection is enabled 
 Define the maximum size of downloaded files and attachments to be scanned 
 Configure local setting override for turn on behavior monitoring 
 Configure local setting override for monitoring file and program activity on your computer 
 Configure local setting override to turn off Intrusion Prevention System 
 Configure local setting override for scanning all downloaded files and attachments 
 Configure local setting override to turn on real-time protection 
 Configure local setting override for monitoring for incoming and outgoing file activity 
 Configure monitoring for incoming and outgoing file and program activity 
 Configure local setting override for the time of day to run a scheduled full scan to complete remediation 
 Specify the day of the week to run a scheduled full scan to complete remediation 
 Specify the time of day to run a scheduled full scan to complete remediation 
 Configure time out for detections requiring additional action 
 Configure time out for detections in critically failed state 
 Configure Watson events 
 Configure time out for detections in non-critical failed state 
 Configure time out for detections in recently remediated state 
 Configure Windows software trace preprocessor components 
 Configure WPP tracing level 
 Allow users to pause scan 
 Specify the maximum depth to scan archive files 
 Specify the maximum size of archive files to be scanned 
 Specify the maximum percentage of CPU utilization during a scan 
 Scan archive files 
 Turn on catch-up full scan 
 Turn on catch-up quick scan 
 Turn on e-mail scanning 
 Turn on heuristics 
 Scan packed executables 
 Scan removable drives 
 Turn on reparse point scanning 
 Create a system restore point 
 Run full scan on mapped network drives 
 Scan network files 
 Configure local setting override for maximum percentage of CPU utilization 
 Configure local setting override for the scan type to use for a scheduled scan 
 Configure local setting override for schedule scan day 
 Configure local setting override for scheduled quick scan time 
 Configure local setting override for scheduled scan time 
 Turn on removal of items from scan history folder 
 Specify the interval to run quick scans per day 
 Start the scheduled scan only when computer is on but not in use 
 Specify the scan type to use for a scheduled scan 
 Specify the day of the week to run a scheduled scan 
 Specify the time for a daily quick scan 
 Specify the time of day to run a scheduled scan 
 Define the number of days before spyware definitions are considered out of date 
 Define the number of days before virus definitions are considered out of date 
 Define file shares for downloading definition updates 
 Turn on scan after signature update 
 Allow definition updates when running on battery power 
 Initiate definition update on startup 
 Define the order of sources for downloading definition updates 
 Allow definition updates from Microsoft Update 
 Allow real-time definition updates based on reports to Microsoft MAPS 
 Specify the day of the week to check for definition updates 
 Specify the time to check for definition updates 
 Allow notifications to disable definitions based reports to Microsoft MAPS 
 Define the number of days after which a catch-up definition update is required 
 Specify the interval to check for definition updates 
 Check for the latest virus and spyware definitions on startup 
 Configure local setting override for reporting to Microsoft MAPS 
 Specify threats upon which default action should not be taken when detected 
 Specify threat alert levels at which default action should not be taken when detected 
 Display notifications to clients when they need to perform actions 
 Display additional text to clients when they need to perform an action 
 Always automatically restart at the scheduled time 
 Specify Work Folders settings 
 Turn off tile notifications 
 Turn off toast notifications 
 Turn off toast notifications on the lock screen 
 Turn off notifications network usage 
 Turn off Quiet Hours 
 Set the time Quiet Hours begins each day 
 Set the time Quiet Hours ends each day 
 Turn off calls during Quiet Hours 
 Set 3G Cost 
 Set 4G Cost 
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • How to find Group Policy though? Search led me here, going to keep looking...

  • i'm trying to deploy 8.1 with a 2008 R2 server domain & no GP templates to control it!!????

  • @passerby

    Not really sure you mean 'How to find Group Policy'. Either modify local policy using gpedit.msc or open the GPMC from the 8.1 admin tools.

    @WTF_MS

    You'll need to copy the admx templates into the central store if you have one.

  • Great post, where's the best manual/book to master editing registry so to manage security policies on non-domain-bound field laptops; or an app like but better than manage engine desktop central? Coming from the Mac on a crash course with extreme curious interest. Many Thanks.

  • @McWin

    Not sure of any book, however if you want to apply GPO's to WORKGROUP computers, Security Compliance Manager (SCM) can perform this task.

    technet.microsoft.com/.../cc677002.aspx

    You could also use ConfigMgr Compliance Settings to modify the registry for non-domain joined machines if you're looking for a centralized solution.

    technet.microsoft.com/.../gg681958.aspx

  • There are multiple entries win Windows 8.1 for "Allow Cut" and "Don't run antimalware programs against ActiveX controls." Is that a misprint?

  • Is there a legend somewhere that tells me what green means? Orange? ping? blue?

  • how to restrict the background data in Windows 8.1.. while I connect 3G internet, it automatically use around 50 MB in 2 to 3 minutes in the background..please help me..

  • There are multiple entries win Windows 8.1 for "Allow Cut" and "Don't run antimalware programs against ActiveX controls." Is that a misprint? ** These came out of the updated GPO spreadsheets provided by the Product Group. I believe they're created using a script exporting all the policy settings, so I assume it’s caused by their script. Is there a legend somewhere that tells me what green means? Orange? ping? blue? ** This is my formatting to make it read easer. Each colour block is a different admx module, and there's no significance to what module is tagged with what colour. how to restrict the background data in Windows 8.1.. while I connect 3G internet, it automatically use around 50 MB in 2 to 3 minutes in the background..please help me.. ** I would suggest searching for all of the settings in both documents that contain the word "meter". Note that it is up to Modern App developers to make their Apps metered connection aware too! Matt

  • What is the color coding all about

  • fantastu work, just what I was looking for

  • @Anonymous

    It's just for formatting really. Each admx module I've colour coded so that it's easy to see what settings are related.

  • When my machines come out of sysprep without joining a domain it keeps installing the color printer in our subnet. Any Ideas?