System Policies and Restrictions

You can specify desktop, shell, and security settings across your organization.

Internet content providers, Internet service providers, and corporate administrators can specify default settings for their users.

Corporate administrators can customize and restrict numerous settings, ranging from whether users can delete printers to whether or not they can add items to their desktops.

For more information, see Understanding Settings and Restrictions.

You should understand the impact of the security settings on your users, especially if you have roaming users who share computers with other users. For more information, see the note below.

To set system policies and restrictions

1. Double-click each category to display the options.
2. Select or clear the check boxes you want.

Notes

• The settings displayed in the wizard are contained in administration (.adm) files that come with the IEAK. If you are familiar with .adm files, you can use the wizard to set the policies and restrictions you have set up in your own .adm files by clicking Import.
• If you remove the Run command from the Start menu setting for the Web Desktop, the initial start page (Start.htm) on a CD installation will not work properly.
• To ensure that the Trusted Publishers setting for the Security section of Internet Restrictions is effective, you should verify that security zones and policies are correctly set up.

User settings can be stored in a central location and then follow users from computer to computer as they log on. This could be useful, for example, for a user who needs low security settings but who uses a computer that is typically operated by someone whose security settings are very restrictive.

Customizing security settings

You can allow three typical levels of customization for security settings:

• Control, or "lock down," all settings.

  To lock down all settings

  1. Click Internet Restrictions, and then click Security.
  2. Select the Use only machine settings for security zones check box.
• Control user settings while allowing profiles for roaming users to be downloaded.

  You can specify that settings can't be changed, without locking out roaming users who have different profiles. The Windows roaming user feature allows users to download their settings from a server.

  To restrict a user from changing policies for a zone

  1. Click Internet Restrictions, and then click Security.
  2. Select the Do not allow users to change policies for any security zone check box.

  To restrict a user from adding or deleting sites

  1. Click Internet Restrictions, and then click Security.
  2. Select the Do not allow users to add/delete sites from a security zone check box.
• Customize initial settings, but allow user to modify them.

  In this stage of the wizard, you can customize many user settings, including security levels and ratings. Customizing the settings in this stage doesn't determine whether the user can control the settings.