If you enable this policy, users can’t set up the remote desktop sharing feature of NetMeeting. Thus, they also can’t use it to control their computers remotely.

If you enable this policy, when a user makes changes to a security zone, those changes apply to all users of that computer. If this policy is disabled, each user can set up their own security zone settings. A group of web sites with the same security level is a security zone.

If you enable this policy, users can’t change security zone settings the administrator has set up. A group of web sites with the same security level is a security zone.

If you enable this policy, users can’t add or remove sites from security zones. A group of web sites with the same security level is a security zone.

If you enable this policy, all users on a single computer can use the same proxy settings. If this policy is disabled, users can set their own proxy settings.

Enabling this policy ensures that Internet Explorer components aren’t automatically downloaded. This policy is recommended for administrators who wish to control the components that are downloaded onto their system.

Enabling this policy ensures that users aren’t notified if Microsoft Software Distribution Channel installs new components on their computer. This policy allows administrators to utilize the Software Distribution Channels to update their users’ programs without user intervention.

Enabling this policy ensures users can’t download new version of Internet Explorer components because they will not be automatically downloaded. This policy allows administrators to have version control across their system.

Enabling this policy ensures that the splash screen doesn’t appear for users on your system. The splash screen displays the program name, licensing, and copyright information.

When this policy is enabled, users can’t view or change the properties of an existing task, which simplifies task creation for beginning users. These properties may include the program the task runs, details of its schedule, idle time and power management settings, and its security context. Note that this policy appears in both the Computer Configuration and User Configuration folders, but the Computer Configuration folder takes precedence.

When this policy is enabled users can’t start or stop tasks manually. This means that users can’t force tasks to end before they are finished or start tasks manually. Note that this policy appears in both the Computer Configuration and User Configuration folders, but the Computer Configuration folder takes precedence.

When you enable this policy users can’t use the drag-and-drop method to move or copy programs in the Scheduled Tasks folder. This policy removes Cut, Copy, Paste, and Paste shortcut items on the context menu and the Edit menu in Scheduled Tasks. Note that this policy appears in both the Computer Configuration and User Configuration folders, but the Computer Configuration folder takes precedence.

When you enable this policy, users can’t create new tasks. This policy also prevents the system from responding when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder. Note that this policy appears in both the Computer Configuration and User Configuration folders but the Computer Configuration folder takes precedence.

When you enable this policy, users can’t delete tasks from the Scheduled Tasks folder. Additionally, the system doesn’t respond if users try to cut or drag a task from the Scheduled Tasks folder. Note that this policy appears in both the Computer Configuration and User Configuration folders, but the Computer Configuration folder takes precedence.

When this policy is enabled, users can’t view or change the properties of newly created tasks, which simplifies task creation for beginning users. These properties may include the program the task runs, details of its schedule, idle time and power management settings, and its security context. Note that this policy appears in both the Computer Configuration and User Configuration folders, but the Computer Configuration folder takes precedence.

When this policy is enabled, users’ newly scheduled tasks are limited to items on the user’s Start menu, and users can’t change the scheduled program for existing tasks. Note that this policy appears in both the Computer Configuration and User Configuration folders, but the Computer Configuration folder takes precedence.

If you enable this policy, Windows Installer is disabled or restricted. You can use this policy to set up one of three installation policies: Never, For non-managed apps only, or Always.

Enabling this program directs Windows Installer to use system permissions when it installs any program on the system. This allows a user to install programs that require access to directories the user might not have permission to view or change. Note that this policy appears in both the Computer Configuration and User Configuration folders; the policy must be enabled in both folders to make the policy effective.

When this policy is enabled, Windows Installer doesn’t generate and save the files it needs to reverse an interrupted or unsuccessful installation; it is unable to record the original state of the computer. This policy reduces the amount of temporary disk space required to install programs.

If you enable this policy, users can’t search for installation files when they add features or components to an installed program. Thus, users’ only option is to choose an installation file source from the Use features from list. This list is configured by the system administrator.

If you enable this policy, users can’t install patches by using Windows Installer. Patches are program updates or upgrades that replace specific files.

If you enable this policy, a user on your system isn’t notified when web-based programs install software the user’s computer. By default, when web-based programs install software, users are warned and asked to select or refuse the installation.

Enabling this policy allows users to change installation options that are usually available only to system administrators. Note that this policy bypasses some Windows Installer security settings.

Enabling this policy allows users to search for installation files during privileged installations (installations with elevated privileges). System administrators usually perform this task because the default setting grants permission only to administrators.

If you enable this policy, users can use removable media, such as floppy disks and CD-ROMs, to install programs during privileged installations. System administrators usually perform this task because the default setting grants permission only to administrators.

If you enable this policy, users can upgrade programs during privileged installations. System administrators usually perform this task because the default setting grants permission only to administrators.

If you enable this policy, Terminal Services administrators can install and configure programs remotely. This policy enhances only the capabilities of system administrators; users can’t install and configure programs remotely.

Enabling this policy ensures that the transform file is saved in a secure location on the user’s computer. Usually transform files are saved into the user profile. This policy protects larger organizations that must safeguard transform files from unauthorized editing.

If you enable this policy, you can define which types of events the Windows Installer record. The list of events can be typed in any order and can include as many events as you choose.

Enabling this policy ensures that logon script processing is complete before the user starts working. If you enable this policy, the system waits for the logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop. Keep in mind that this policy can delay the appearance of the desktop.

If you enable this policy, the startup scripts’ (which are batch files) run simultaneously before the user is invited to log on to the system.

If you enable this policy, the startup scripts’ (which are batch files) instructions appear in a command window so that users can view them. This setting is recommended for advanced users only.

If you enable this policy, the shutdown scripts’ (which are batch files) instructions appear in a command window so that users can view them. This setting is recommended for advanced users only.

If you enable this policy, you can set the total time the system allows for all logon, startup, and shutdown scripts applied by Group Policy to finish running. The default setting lets scripts run for a total of 10 minutes.

If you enable this policy, the system doesn’t save a copy of a user’s roaming profile on the local computer’s hard drive when the user logs off. Be aware that you don’t want to use this policy if you are using the slow link detection feature of Windows 2000; that feature requires local copies of users’ roaming profiles.

If you enable this policy, the slow link detection feature is disabled. This feature measures the speed of the connection between a user’s computer and the remote server that stores the roaming user profile. Enabling this feature disables any system responses to a slow connection.

Enabling this policy allows you to set a threshold for slow connections for roaming user profiles. Note that if the “Do not detect slow network connections” policy is enabled it, this policy has no effect.

If you enable this policy, the system waits for the remote copy of the roaming user profile to load, regardless of how long loading takes. If you don’t enable this policy, the system loads the local copy of the roaming user profile when loading is slow.

Enabling this policy allows users to choose between two options when loading is slow: using a local copy of their user profile or waiting for the roaming user profile. If you don’t enable this policy, the local copy of the user profile is loaded automatically.

This policy allows you to specify how long the system should wait for a user response to a dialog box before the system uses a default value. The system’s default time is 30 seconds.

If you enable this policy, users are automatically logged off if the system can’t load their roaming user profile. This policy goes into effect if the system can’t find the roaming user profile, or if the profile has errors.

This policy allows you to specify how many times the system tries to unload and update the Registry portion of a user’s profile. The system’s default number of retries is 60. Setting the number to tells the system to try only once. This policy should be used with Terminal Services.

Enabling this policy provides disk quota management on all NTFS volumes of the computer. Administrators can’t change this setting if you enable the Enable disk quotas policy.

Enabling this policy ensures that users’ disk quota limits are enforced. The system responds as though the physical space on the volume were exhausted when a user reaches his or her disk quota limit. User settings that enable or disable quota enforcement on their volumes are superseded by this policy.

Enabling this policy allows you to set the default disk quota limit and the warning level for new users of the volume. The disk space users have at their disposal isn’t limited if you don’t configure this policy, or if you disable it. User settings that enable or disable quota enforcement on their volumes are superseded by this policy.

This policy ensures that when users reach their disk quota limit on a volume, an event is recorded in the Application log. If you don’t configure this policy, or if you disable it, the user’s disk quota status in the Quota Entries window changes, but an event isn’t recorded when the disk quota limit is met.

This policy ensures that when users reach their disk quota warning level on a volume, an event is recorded in the Application log. If you don’t configure this policy, or if you disable it, the user’s disk quota status in the Quota Entries window changes, but an event isn’t recorded when the disk quota warning level is met.

If you enable this policy, the disk quota policies in this folder also applies to NTFS filesystem volumes on removable media. The disk quota policies in this folder apply to fixed-media NTFS volumes only if you don’t configure this policy, or if you disable it.

Enabling this policy allows you to define primary Domain Name System (DNS) suffix for all affected computers. This suffix is used in DNS name registration and name resolution. If you enable this policy, users and administrators can’t change the suffix you choose.

If you enable this policy, Group Policy isn’t updated while the computer is in use. When the user logs off, the system updates the computer and user policies. If you disable it, updates can be applied while users are working.

If you enable this policy, the system can invite users to log on before Group Policy updates complete. Thus, the Windows interface could appear to be ready before computer Group Policy is applied.

If you enable this policy, the system can display the Windows desktop before user Group Policy complete. Thus, the Windows interface can appear to be ready before computer Group Policy is updated.

Enabling this policy allows you to set how often the Group Policy is updated on domain controllers while the computer is in use (the update occurs in the background). This policy’s updates occur in addition to the updates that occur on system startup. The default rate for updates is every five minutes.

Enabling this policy allows you to set how often the Group Policy for computers updates while the computer is in use (the update occurs in the background). This policy applies only to Group Policies in the Computer Configuration folder. The default rate for updates is every 90 minutes, with a random offset of to 30 minutes.

Enabling this policy allows you to direct the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this policy. This policy is designed for computers used by many users, such as computers in libraries, classrooms, and so on.

Enabling this policy allows you to define a slow connection for purposes of applying and updating Group Policy for your system. Connection speed is determined by the rate at which data is transferred from the domain controller providing a policy update to the computers in the group. After you define the slow connection speed, the system interprets a slow connection as one that exceeds your specification.

Enabling this policy allows you to define when the policies in the Administrative Templates folder and any other policies that store values in the Registry are updated. This policy lets you select or ignore two options: Do not apply during periodic background processing and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when disk quota policies are updated. This policy supersedes any customized settings the Internet Explorer Maintenance policy set when it was installed. This policy lets you select or ignore three options: Allow processing across a slow network connection, Do not apply during periodic background processing, and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when software installation polices are updated. This policy supersedes any customized settings the program implementing the software installation policy set when it was installed. This policy lets you select or ignore two options: Allow processing across a slow network connection and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when folder redirection policies are updated. This policy lets you select or ignore two options: Allow processing across a slow network connection and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when policies that assign shared scripts are updated. This policy lets you select or ignore three options: Allow processing across a slow network connection, Do not apply during periodic background processing, and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when security policies are updated. This policy lets you select or ignore three options: Allow processing across a slow network connection, Do not apply during periodic background processing, and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when IP security polices are updated. This policy lets you select or ignore three options: Allow processing across a slow network connection, Do not apply during periodic background processing, and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when encryption polices are updated. This policy lets you select or ignore three options: Allow processing across a slow network connection, Do not apply during periodic background processing, and Process even if the Group Policy objects have not changed.

Enabling this policy allows you to define when disk quota policies are updated. This policy lets you select or ignore three options: Allow processing across a slow network connection, Do not apply during periodic background processing, and Process even if the Group Policy objects have not changed.

Enabling this policy ensures that Windows File Protection enumerate and scan all system files for changes. This policy allows you to set up Windows File Protection to scan files more often. Files are scanned only during setup by default.

Enabling this policy ensures that the file scan progress window is hidden to users. This policy is recommended for organizations with beginning users; they are sometimes confused by this window.

You can use this policy to define the maximum amount of disk space the Windows File Protection file cache uses. You can select 4294967295 as the maximum amount of disk space if you wish to have an unlimited cache size.

You can use this policy to set up a location for the Windows File Protection cache that is different than the default. The default location is in the SystemrootSystem32Dllcache directory.

Controls whether the Offline Files feature is enabled or disabled. Once the Offline Files feature is set, users can’t change whether the feature is enabled or disabled.

This feature locks down the configuration you establish because it prevents users from disabling, enabling, or changing the configuration of the offline files.

Controls whether offline files are fully synchronized or quickly synchronized each night. If you don’t configure this policy, the system performs a quick synchronization by default, and users can change this setting.

Allows you to set the percentage of disk space that can store automatically cached offline files. If you don’t set this policy, by default the system limits the space that automatically cached files occupy to 10%.

Allows you to determine whether or not a network computer has access to network files if the computer is disconnected from the server. You can use the Action box to set the number of computers this policy applies to.

Controls how specific computers respond when they are disconnected from particular offline file servers. This policy supersedes the Action on server disconnect policy. Also, this policy can be set in the Computer Configuration and User Configuration folders; the Computer Configuration folder overrides the User Configuration folder setting.

Enabling this policy ensures that users can’t make network files and folders available offline. Be aware that this policy doesn’t prevent the system from saving local copies of files that reside on network shares designated for automatic caching. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

Enabling this policy disables the Offline Files folder, and users can’t view or open copies of network files stored on their computer via the Offline Files Folder. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

Enabling this policy allows you to list the types of files that can’t be used offline and exclude certain types of files from automatic and manual caching for offline use. This policy ensures that files that can’t be separated, such as database components, are safe.

Enabling this policy allows you to list the types of network files and folders that are always available for offline use. Also, users can access the specified files and folders offline. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

Enabling this policy removes reminder balloons, which are enabled by default if offline files are enabled. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

Enabling this policy allows you to specify how often reminder balloon updates appear. This policy allows you to change the update interval for reminders. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

Enabling this policy allows you to specify how long the first reminder balloon for a network status change is displayed. The first reminder is 30 seconds long by default. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

Enabling this policy allows you to change the duration of the update reminder from the default of 30 seconds for the first reminder and 15 seconds thereafter. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

If you enable this policy, local copies of the user’s offline files are deleted when the user logs off. Be aware that files aren’t synchronized before they’re deleted. Changes to local files since the last synchronization are lost as a result.

Enabling this policy allows you to specify which events are recorded in the event log by the Offline Files feature. This policy allows you to add events to those recorded by default. Offline Files records an event only when the offline files storage cache is corrupted by default. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.

Enabling this policy ensures that subfolders are always available offline when their parent folder is made available offline. When you make a folder available offline, this policy makes all folders within that folder available offline. New folders that you create within a folder that is available offline are available offline after the parent folder is synchronized.

This policy determines whether administrators and power users can enable, disable, and configure the Internet Connection Sharing feature of a dial-up connection. Users can configure their system as an Internet gateway for a small network through Internet Connection Sharing. This policy appears in both the Computer Configuration and User Configuration folders; the Computer Configuration folder takes precedence.