AD_EnableFilter="Enable filter in Find dialog box"
AD_EnableFilter_Help="Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.\n\nIf you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.\n\nIf you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu.\n\nTo see the filter bar, open My Network Places, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter."
AD_HideDirectoryFolder="Hide Active Directory folder"
AD_HideDirectoryFolder_Help="Hides the Active Directory folder in My Network Places.\n\nThe Active Directory folder displays Active Directory objects in a browse window.\n\nIf you enable this setting, the Active Directory folder does not appear in the My Network Places folder.\n\nIf you disable this setting or do not configure it, the Active Directory folder appears in the My Network Places folder.\n\nThis setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory."
AD_QueryLimit="Maximum size of Active Directory searches"
AD_QueryLimit_Box="Number of objects returned: "
AD_QueryLimit_Help="Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory, such as those in Local Users and Groups, Active Directory Users and Computers, and dialog boxes used to set permissions for user or group objects in Active Directory.\n\nIf you enable this setting, you can use the "Number of objects returned" box to limit returns from an Active Directory search.\n\nIf you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space.\n\nThis setting is designed to protect the network and the domain controller from the effect of expansive searches."
AddAdminGroupToRUP="Add the Administrators security group to roaming user profiles"
AddAdminGroupToRUP_Help="This setting adds the Administrator security group to the roaming user profile share.\n\nOnce an administrator has configured a users' roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator.\n\nFor the Windows 2000 Professional and Windows XP Professional operating systems, the default file permissions for the newly generated profile are full control, or read and write access for the user, and no file access for the administrators group.\n\nBy configuring this setting, you can alter this behavior.\n\nIf you enable this setting, the administrator group is also given full control to the user's profile folder.\n\nIf you disable or do not configure it, only the user is given full control of their user profile, and the administrators group has no file system access to this folder.\n\nNote: If the setting is enabled after the profile is created, the setting has no effect.\n\nNote: The setting must be configured on the client computer, not the server, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time.\n\nNote: In the default case, administrators have no file access to the user's profile, but they may still take ownership of this folder to grant themselves file permissions.\n\nNote: The behavior when this setting is enabled is exactly the same behavior as in Windows NT 4.0."
AdminComponents_Help="Adds and deletes specified Web content items.\n\nYou can use the "Add" box in this setting to add particular Web-based items or shortcuts to users' desktops. Users can close or delete the items (if settings allow), but the items are added again each time the setting is refreshed.\n\nYou can also use this setting to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each time the setting is refreshed.\n\nNote: Removing an item from the "Add" list for this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not added again.\n\nNote: For this setting to take affect, you must log off and log on to the system."
AdministrativeServices="System"
ALLDrives="Restrict all drives"
AllowBrowse="Prohibit Browse"
AllowBrowseHelp="Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for existing tasks.\n\nThis setting removes the Browse button from the Schedule Task Wizard and from the Task tab of the properties dialog box for a task. Also, users cannot edit the "Run" box or the "Start in" box that determine the program and path for a task.\n\nAs a result, when users create a task, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs.\n\nImportant: This setting does not prevent users from creating a new task by pasting or dragging any program into the Scheduled Tasks folder. To prevent this action, use the "Prohibit Drag-and-Drop" setting.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
AllowLockdownBrowse_Help="Allows users to search for installation files during privileged installations.\n\nThis setting enables the Browse button in the "Use feature from" dialog box. As a result, users can search for installation files, even when the installation program is running with elevated system privileges. By default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.\n\nBecause the installation is running with elevated system privileges, users can browse through directories that their own permissions would not allow.\n\nThis setting does not affect installations that run in the user's security context. Also, see the "Remove browse dialog box for new source" setting."
AllowLockdownBrowse="Enable user to browse for source while elevated"
AllowLockdownMedia_Help="Allows users to install programs from removable media, such as floppy disks and CD-ROMs, during privileged installations.\n\nThis setting permits all users to install programs from removable media, even when the installation program is running with elevated system privileges. By default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.\n\nThis setting does not affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.\n\nAlso, see the "Prevent removable media source for any install" setting in User Configuration\Administrative Templates\Windows Components\Windows Installer."
AllowLockdownMedia="Enable user to use media source while elevated"
AllowLockdownPatch_Help="Allows users to upgrade programs during privileged installations.\n\nThis setting permits all users to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use.\n\nBy default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.\n\nThis setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" setting."
AllowLockdownPatch="Enable user to patch elevated products"
AllowWebPrinting_Help="Determines whether Internet printing is activated on this server.\n\nInternet printing lets you display printers on Web pages so the printers can be viewed, managed, and used across the Internet or an intranet.\n\nInternet printing is and extension of the Internet Information Server. IIS must be installed and the printing support must be enabled in order to use Internet Printing as well as this policy.\n\nNote: This setting affects the server side of Internet printing only. It does not prevent the print client on the computer from printing across the Internet.\n\nAlso, see the "Custom support URL in the Printers folder's left pane" setting in this folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers."
AllowWebPrinting="Web-based printing"
AllowWebPrinting_SupportedOn="Windows 2000 or later, running IIS. Not supported on Windows Server 2003"
AllowX-ForestPolicy-and-RUP ="Allow Cross-Forest User Policy and Roaming User Profiles"
AllowX-ForestPolicy-and-RUP_Help="Allows User based policy processing, Roaming User Profiles and User Object logon scripts for cross forest interactive logons.\n\nThis setting affects all user accounts interactively logging on to a computer in a different forest when a Cross Forest or 2-Way Forest trust exists.\n\nWhen this setting is Not Configured:\n- No user based policy settings are applied from the user's forest\n- User will not receive their roaming profiles, they will receive a local profile on the computer from the local forest. A warning message will be shown to the user, and an Event Log message (1529) will be posted.\n- Loopback Group Policy processing will be applied, using the Group Policy Objects scoped to the machine.\n- An Event Log message (1109) will be posted stating that Loopback was invoked in replace mode.\n\nWhen this setting is Enabled, the behavior is exactly the same as with Windows 2000 Server Family, User policy is applied and a roaming user profile is allowed from the trusted forest.\n\nWhen this setting is Disabled, the behavior is the same as Not Configured."
AlwaysInstallElevated_Help="Directs Windows Installer to use system permissions when it installs any program on the system.\n\nThis setting extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.\n\nIf you disable this setting or do not configure it, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.\n\nNote: This setting appears both in the Computer Configuration and User Configuration folders. To make this setting effective, you must enable the setting in both folders.\n\nCaution: Skilled users can take advantage of the permissions this setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this setting is not guaranteed to be secure."
AlwaysInstallElevated="Always install with elevated privileges"
AppCompat="Application Compatibility"
AppCompat_Help=""
AppCompatTurnOffEngine="Turn Off Application Compatibility Engine"
AppCompat_TurnOffEngine_Help=" This policy controls the state of the application compatibility engine in the system.\n\nThe engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.\n\nTurning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and will not block known incompatible applications from installing. (For Instance: This may result in a blue screen if an old anti-virus application is installed.)\n\nThis option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using. It is particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential."
AppCompatTurnOffProgramCompatWizard="Turn Off Program Compatibility Wizard"
AppCompat_TurnOffProgramCompatWizard_Help="This policy controls the state of the Program Compatibility Wizard.\n\nWhen enabled, this policy disables the start page of the wizard in the Help and Support Center, and in the Start Menu.\n\nThese entry points will still exist but the first page of the Help and Support Center wizard will let the user know that this option has been disabled."
AppCompatRemoveProgramCompatPropPage="Remove Program Compatibility Property Page"
AppCompat_RemoveProgramCompatPropPage_Help="This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.\n\nThe compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface."
AppCompatTurnOffAppLogEvents="Turn On Application Help Log Events"
AppCompat_TurnOffAppLogEvents_Help="The Application Help features blocks known incompatible applications and displays a dialog to the end-user regarding the problem. This dialog may include links to the web for downloading updates for the application, manual steps to work around an issue, or basic incompatibility information.\n\nEnabling this option turns on logging of Application Help events to the Application log."
AppCompatPrevent16Bit="Prevent access to 16-bit applications"
AppCompat_Prevent16Bit_Help="Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running for all users. This setting affects the launching of 16-bit applications in the operating system. By default, the MS-DOS subsystem runs for all users.\n\nYou can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the process is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.\n\nIf the status is set to Enabled, ntvdm.exe is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.\n\nIf the status is set to Disabled, the default setting applies and the MS-DOS subsystem runs for all users.\n\nIf the status is set to Not Configured, the default applies and ntvdm.exe runs for all users. However, if an administrator sets the registry DWORD value HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault to 1, the default changes to prevent all 16-bit applications from running.\n\nNote: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides."
AppCompatPrevent16BitMach="Prevent access to 16-bit applications"
AppCompat_Prevent16BitMach_Help="Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. By default, the MS-DOS subsystem runs for all users on this computer.\n\nYou can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.\n\nIf the status is set to Enabled, ntvdm.exe is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.\n\nIf the status is set to Disabled, the default setting applies and the MS-DOS subsystem runs for all users on this computer.\n\nIf the status is set to Not Configured, the default applies and ntvdm.exe runs for all users. However, if an administrator sets the registry DWORD value HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault to 1, the default changes to prevent all 16-bit applications from running.\n\nNote: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides."
AppMgmt_COM_SearchForCLSID="Download missing COM components"
AppMgmt_COM_SearchForCLSID_Help="Directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.\n\nMany Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM. These programs cannot perform all of their functions unless Windows has internally registered the required components.\n\nIf you enable this setting and a component registration is missing, the system searches for it in Active Directory and if it is found, downloads it. The resulting searches might make some programs start or run slowly.\n\nIf you disable this setting or do not configure it, the program continues without the registration. As a result, the program might not perform all of its functions, or it might stop.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
ARP="Add or Remove Programs"
ATC_NoComponents_Help="Removes Active Desktop content and prevents users from adding Active Desktop content. \n\nThis setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop.\n\nNote: This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper."
AutoPublishing_Help="Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory.\n\nIf you enable this setting or do not configure it, the Add Printer Wizard automatically publishes all shared printers.\n\nIf you disable this setting, the Add Printer Wizard does not automatically publish printers. However, you can publish shared printers manually.\n\nThe default behavior is to automatically publish shared printers in Active Directory. \n\nNote: This setting is ignored if the "Allow printers to be published" setting is disabled."
AutoPublishing="Automatically publish new printers in Active Directory"
Autorun_Box="Turn off Autoplay on:"
Autorun_NoCD="CD-ROM drives"
Autorun_None="All drives"
Autorun_Help="Turns off the Autoplay feature.\n\nAutoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately.\n\nBy default, Autoplay is disabled on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.\n\nIf you enable this setting, you can also disable Autoplay on CD-ROM drives or disable Autoplay on all drives.\n\nThis setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.\n\nNote: This setting appears in both the Computer Configuration and User Configuration folders. If the settings conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nNote: This setting does not prevent Autoplay for music CDs."
Autorun="Turn off Autoplay"
Blank=" "
BITS_Job_Timeout="Background Intelligent Transfer Service (BITS) inactive job timeout"
BITS_Job_Timeout_Time="Inactive Job Timeout in Days:"
BITS_Job_Timeout_Help="The number of days a pending BITS job can remain inactive before being considered abandoned by the requestor.\n\nOnce a job is determined to be abandoned, it is removed by the system and any downloaded files pertaining to the job are deleted from the disk. Any property changes for the job or any successful download action resets this timer.\n\nIf the computer remains offline for a long period of time, no activity for the job will be recorded.\n\nYou might want to increase this value if computers tend to stay offline for a longer period of time and still have pending jobs. You might want to decrease this value if you are concerned about orphaned jobs occupying disk space.\n\nIf you enable this setting, you can configure the inactive job time-out to specified number of days. If you disable or do not configure this setting, the default value of 90 will be used for the inactive job time-out."
CADOptions="Ctrl+Alt+Del Options"
Cat_OfflineFiles="Offline Files"
Catname="Administrative Alerts"
ClassicShell_Help="This setting allows you to remove the Active Desktop and Web view features. If you enable this setting, it will disable the Active Desktop and Web view. Also, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features.\n\nNote: This setting takes precedence over the "Enable Active Desktop" setting. If both policies are enabled, Active Desktop is disabled.\n\nAlso, see the "Disable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Remove the Folder Options menu item from the Tools menu" setting in User Configuration\Administrative Templates\Windows Components\Windows Explorer."
ClassicShell="Turn on Classic Shell"
ClearRecentDocsOnExit_Help="Clear history of recently opened documents on exit.\n\nIf you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Documents menu on the Start menu is always empty when the user logs on.\n\nIf you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on the Documents menu appears just as it did when the user logged off.\n\nNote: The system saves document shortcuts in the user profile in the System-drive\Documents and Settings\User-name\Recent folder.\n\nAlso, see the "Remove Documents menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. The system only uses this setting when neither of these related settings are selected.\n\nThis setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not keep history of recently opened documents" setting.\n\nThis policy setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting."
ClearRecentDocsOnExit="Clear history of recently opened documents on exit"
Comdlg="Common Open File Dialog"
ComdlgSub="Common Open File Dialog Restrictions"
CompatibleRUPSecurity="Do not check for user ownership of Roaming Profile Folders"
CompatibleRUPSecurity_Help="This setting disables the more secure default setting for the user’s roaming user profile folder.\n\nOnce an administrator has configured a users' roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator.\n\nFor Windows 2000 Professional pre-SP4 and Windows XP pre-SP1 operating systems, the default file permissions for the newly generated profile are full control access for the user and no file access for the administrators group. No checks are made for the correct permissions if the profile folder already exists. For Windows Server 2003 family, Windows 2000 Professional SP4 and Windows XP SP1, the default behavior is to check the folder for the correct permissions if the profile folder already exists, and not copy files to or from the roaming folder if the permissions are not correct.\n\nBy configuring this setting, you can alter this behavior.\n\nIf you enable this setting Windows will not check the permissions for the folder in the case where the folder exists.\n\nIf you disable or do not configure this setting AND the roaming profile folder exists AND the user or administrators group not the owner of the folder, Windows will NOT copy files to or from the roaming folder. The user will be shown an error message and an entry will be written to the event log. The user’s cached profile will be used, or a temporary profile issued if no cached profile exists. \n\nNote: The setting must be configured on the client computer not the server for it to have any effect because the client computer sets the file share permissions for the roaming profile at creation time.\n\nNote: The behavior when this setting is enabled is exactly the same behavior as in Windows 2000 Professional pre-SP4 and Windows XP Professional"
ConfirmFileDelete="Display confirmation dialog when deleting files"
ConfirmFileDelete_Help="Allows you to have Windows Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.\n\nIf you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.\n\nIf you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs."
COnly="Restrict C drive only"
Connect_HomeDir_ToRoot_Explain="Restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in Windows NT 4.0 and earlier.\n\nIf you enable this setting, the system uses the Windows NT 4.0 definitions. If you disable this setting or do not configure it, the system uses the new definitions designed for the Windows 2000 operating system.\n\nAlong with %HOMEDRIVE%, these variables define the home directory of a user profile. The home directory is a persistent mapping of a drive letter on the local computer to a local or remote directory.\n\nBy default, in Windows 2000 Server Family, %HOMESHARE% stores the fully qualified path to the home directory (such as \\server\share\dir1\dir2\homedir). Users can access the home directory and any of its subdirectories from the home drive letter, but they cannot see or access its parent directories. %HOMEPATH% stores a final backslash and is included for compatibility with earlier systems.\n\nOn Windows NT 4.0 and earlier, %HOMESHARE% stores only the network share (such as \\server\share). %HOMEPATH% stores the remainder of the fully qualified path to the home directory (such as \dir1\dir2\homedir). As a result, users can access any directory on the home share by using the home directory drive letter.\n\nTip: To specify a home directory in Windows 2000 Server Family, in Active Directory Users and Computers or Local Users and Groups, right-click the name of a user account, click Properties, click the Profile tab, and in the "Home folder" section, select the "Connect" option and select a drive letter and home directory.\n\nExample: Drive Z is mapped to \\server\share\dir1\dir2\homedir.\n\nIf this setting is disabled or not configured (Windows 2000 Server Family behavior):\n\n-- %HOMEDRIVE% = Z: (mapped to \\server\share\dir1\dir2\homedir)\n\n-- %HOMESHARE% = \\server\share\dir1\dir2\homedir\n\n-- %HOMEPATH% = \\n\nIf the setting is enabled (Windows NT 4.0 behavior):\n\n-- %HOMEDRIVE% = Z: (mapped to \\server\share)\n\n-- %HOMESHARE% = \\server\share\n\n-- %HOMEPATH% = \dir1\dir2\homedir"
Connect_HomeDir_ToRoot="Connect home directory to root of the share"
ControlPanel="Control Panel"
CPL_Display_Disable="Remove Display in Control Panel"
CPL_Display_HideAppearance="Hide Appearance and Themes tab"
CSE_AppMgmt_Help="Determines when software installation policies are updated.\n\nThis setting affects all policies that use the software installation component of Group Policy, such as policies in Software Settings\Software Installation. You can set software installation policy only for Group Policy objects stored in Active Directory, not for Group Policy objects on the local computer.\n\nThis policy overrides customized settings that the program implementing the software installation policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_DiskQuota="Disk Quota policy processing"
CSE_DiskQuota_Help="Determines when disk quota policies are updated.\n\nThis setting affects all policies that use the disk quota component of Group Policy, such as those in Computer Configuration\Administrative Templates\System\Disk Quotas.\n\nIt overrides customized settings that the program implementing the disk quota policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_EFSRecovery="EFS recovery policy processing"
CSE_EFSRecovery_Help="Determines when encryption policies are updated.\n\nThis setting affects all policies that use the encryption component of Group Policy, such as policies related to encryption in Windows Settings\Security Settings.\n\nIt overrides customized settings that the program implementing the encryption policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_FolderRedirection_Help="Determines when folder redirection policies are updated.\n\nThis setting affects all policies that use the folder redirection component of Group Policy, such as those in WindowsSettings\Folder Redirection. You can only set folder redirection policy for Group Policy objects, stored in Active Directory, not for Group Policy objects on the local computer.\n\nThis setting overrides customized settings that the program implementing the folder redirection policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_IEM="Internet Explorer Maintenance policy processing"
CSE_IEM_Help="Determines when Internet Explorer Maintenance policies are updated.\n\nThis setting affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\Internet Explorer Maintenance.\n\nIt overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_IPSecurity="IP Security policy processing"
CSE_IPSecurity_Help="Determines when IP security policies are updated.\n\nThis setting affects all policies that use the IP security component of Group Policy, such as policies in Computer Configuration\Windows Settings\Security Settings\IP Security Policies on Local Machine.\n\nIt overrides customized settings that the program implementing the IP security policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_NOCHANGES="Process even if the Group Policy objects have not changed"
CSE_NOBACKGROUND="Do not apply during periodic background processing"
CSE_Registry="Registry policy processing"
CSE_Registry_Help="Determines when registry policies are updated.\n\nThis setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry.\n\nIt overrides customized settings that the program implementing a registry policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_Security="Security policy processing"
CSE_Security_Help="Determines when security policies are updated.\n\nThis setting affects all policies that use the security component of Group Policy, such as those in Windows Settings\Security Settings.\n\nIt overrides customized settings that the program implementing the security policy set when it was installed.\n\nIf you enable this setting, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_Scripts="Scripts policy processing"
CSE_Scripts_Help="Determines when policies that assign shared scripts are updated.\n\nThis setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts.\n\nIt overrides customized settings that the program implementing the scripts policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_SLOWLINK="Allow processing across a slow network connection"
CSE_Wireless="Wireless policy processing"
CSE_Wireless_Help="Determines when policies that assign wireless network settings are updated.\n\nThis setting affects all policies that use the wireless network component of Group Policy, such as those in WindowsSettings\Wireless Network Policies.\n\nIt overrides customized settings that the program implementing the wireless network set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CustomizedSupportUrl_Help="Adds a customized Web page link to the Printers folder.\n\nBy default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also include a link to a Web page supplied by the vendor of the currently selected printer.\n\nYou can use this setting to replace the "Get help with printing" default link with a link to a Web page customized for your enterprise.\n\nIf you disable this setting or do not configure it, or if you do not enter an alternate Internet address, the default link will appear in the Printers folder.\n\nNote: Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.")\n\nAlso, see the "Web-based printing" setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.\n\nWeb view is affected by the "Turn on Classic Shell" and "Remove the Folder Options menu item from the Tools menu" settings in User Configuration\Administrative Templates\Windows Components\Windows Explorer, and by the "Enable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop."
CustomizedSupportUrl_Link="URL"
CustomizedSupportUrl_Tip1="Specify the URL. For example, the url would: http://www.microsoft.com/support"
CustomizedSupportUrl="Custom support URL in the Printers folder's left pane"
DefaultDirectoryScope_Help="Determines which information source is the default starting point when users search for people.\n\nThis setting specifies the information source that appears in the "Look in" box in the Find People dialog box when the dialog box opens. (To open the Find People dialog box, click Start, click Search, and then click "For people.") Users can search in the default information source or use the drop-down list beside "Look in" to change the source. If users change the source, the last source used appears in the "Look in" box the next time it opens.\n\nIf you disable this setting or do not configure it, the source listed first in alphabetical order appears in the "Look in" box when it opens. By default, Address Book appears first.\n\nTo use this setting, type the DNS-friendly name or the NetBIOS name of the server that is hosting the source you want to list first.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If these settings conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nNote: This setting establishes a default value that users can change. It does not limit user actions or change system features."
DefaultDirectoryScope="Default directory scope"
DefaultExcludeMessage="Local Settings;Temporary Internet Files;History;Temp"
DefaultSizeMessage="You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage."
DefaultCategory_Help="Specifies the category of programs that appears when users open the "Add New Programs" page.\n\nIf you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. Users can use the Category box on the "Add New Programs" page to display programs in other categories.\n\nTo use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.\n\nIf you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens.\n\nYou can use this setting to direct users to the programs they are most likely to need.\n\nNote: This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled."
DefaultCategory="Specify default category for Add New Programs"
DefaultCategoryBox="Category:"
DeleteRoamingCachedProfiles_Help="Determines whether the system saves a copy of a user’s roaming profile on the local computer's hard drive when the user logs off.\n\nThis setting, and related settings in this folder, together describe a strategy for managing user profiles residing on remote servers. In particular, they tell the system how to respond when a remote profile is slow to load.\n\nRoaming profiles reside on a network server. By default, when users with roaming profiles log off, the system also saves a copy of their roaming profile on the hard drive of the computer they are using in case the server that stores the roaming profile is unavailable when the user logs on again. The local copy is also used when the remote copy of the roaming user profile is slow to load.\n\nIf you enable this setting, any local copies of the user’s roaming profile are deleted when the user logs off. The roaming profile still remains on the network server that stores it.\n\nImportant: Do not enable this setting if you are using the slow link detection feature of Windows 2000 Professional and Windows XP Professional. To respond to a slow link, the system requires a local copy of the user’s roaming profile."
DeleteRoamingCachedProfiles="Delete cached copies of roaming profiles"
DenyRsopToInteractiveUser_Help="This setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.\n\nBy default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.\n\nIf this setting is enabled, interactive users cannot generate RSoP data.\n\nIf this setting is not configured or disabled, interactive Users can generate RSoP.\n\nNote: This setting does not affect administrators. If this setting is enabled or disabled, by default, administrators can view RSoP data.\n\nNote: To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.msc\n\nNote: This setting exists as both a User Configuration and Computer Configuration setting.\n\nAlso, see the "Turn off Resultant set of Policy Logging" setting in Computer Configuration\Administrative Templates\System\GroupPolicy."
DenyRsopToInteractiveUser="Disallow Interactive Users from generating Resultant Set of Policy data"
Desktop="Desktop"
DesktopDisplay="Desktop and Display"
DesktopSub="General Desktop"
DFSDiscoverDC="Sets how often a DFS Client discovers DC's"
DFSDiscoverDC_Help="Allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on their network.\n\nBy default, a DFS client attempts to discover domain controllers every 15 minutes.\n\nIf you enable this setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.\n\nIf you disable this setting or do not configure it, the default value of 15 minutes applies.\n\nNote: The minimum value you can select is 15 minutes. If you try to set this setting to a value less then 15 minutes, the default value of 15 minutes is applied."
DFSDiscoverDialog="Time in minutes:"
DisableAdvanced="Hide Advanced Properties Checkbox in Add Scheduled Task Wizard"
DisableAdvancedHelp="This setting removes the "Open advanced properties for this task when I click Finish" checkbox from the last page of the Scheduled Task Wizard. This policy is only designed to simplify task creation for beginning users.\n\nThe checkbox, when checked, instructs Task Scheduler to automatically open the newly created task's property sheet upon completion of the "Add Scheduled Task" wizard. The task's property sheet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power management settings, and its security context. Beginning users will often not be interested or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setting is Disabled or Not Configured.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
DisableAlways="Always"
DisableAutoADMUpdate="Turn off automatic update of ADM files"
DisableAutoADMUpdate_Help="Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor. Administrators may want to use this if they are concerned about the amount of space used on the system volume of a DC.\n\nBy default, when you start the Group Policy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\inf directory and the source files stored in the GPO. If the local files are newer, they are copied into the GPO.\n\nChanging the status of this setting to Enabled will keep any source files from copying to the GPO.\n\nChanging the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they have a later timestamp.\n\nNOTE: If the Computer Configuration policy setting, "Always use local ADM files for the Group Policy Object Editor" is enabled, the state of this setting is ignored and always treated as Enabled."
DisableBackgroundPolicy_Help="Prevents Group Policy from being updated while the computer is in use. This setting applies to Group Policy for computers, users, and domain controllers.\n\nIf you enable this setting, the system waits until the current user logs off the system before updating the computer and user settings.\n\nIf you disable this setting, updates can be applied while users are working. The frequency of updates is determined by the "Group Policy refresh interval for computers" and "Group Policy refresh interval for users" settings.\n\nNote: If you make changes to this setting, you must restart your computer for it to take effect."
DisableBackgroundPolicy="Turn off background refresh of Group Policy"
DisableBrowse_Help="Prevents users from searching for installation files when they add features or components to an installed program.\n\nThis setting disables the Browse button beside the "Use feature from" list in the Windows Installer dialog box. As a result, users must select an installation file source from the "Use features from" list that the system administrator configures.\n\nThis setting applies even when the installation is running in the user's security context.\n\nIf you disable this setting or do not configure it, the Browse button is enabled when an installation is running in the user's security context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.\n\nThis setting affects Windows Installer only. It does not prevent users from selecting other browsers, such as Windows Explorer or My Network Places, to search for installation files.\n\nAlso, see the "Enable user to browse for source while elevated" setting."
DisableBrowse="Remove browse dialog box for new source"
DisableChangePassword_Help="Prevents users from changing their Windows password on demand.\n\nThis setting disables the "Change Password" button on the Windows Security dialog box (which appears when you press Ctrl+Alt+Del).\n\nHowever, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring."
DisableChangePassword="Remove Change Password"
DisableCMD_Help="Prevents users from running the interactive command prompt, Cmd.exe. This setting also determines whether batch files (.cmd and .bat) can run on the computer.\n\nIf you enable this setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.\n\nNote: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Terminal Services."
DisableCMD="Prevent access to the command prompt"
DisableCMDScripts="Disable the command prompt script processing also?"
DisableCMD_YES="Yes"
DisableCMD_NO="No"
DisableExplorerRunLegacy_Help="Ignores the customized run list.\n\nYou can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows XP Professional, Windows 2000 Professional, Windows NT Workstation 4.0 and earlier. These programs are added to the standard run list of programs and services that the system starts.\n\nIf you enable this setting, the system ignores the run list for Windows NT Workstation 4.0, Windows 2000 Professional, and Windows XP Professional.\n\nIf you disable or do not configure this setting, Windows 2000 adds any customized run list configured for Windows NT 4.0 and earlier to its run list.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nNote: To create a customized run list by using a policy, use the "Run these applications at startup" setting.\n\nThe customized run lists for Windows NT 4.0 and earlier are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run. They can be configured by using the "Run" setting in System Policy Editor for Windows NT 4.0 and earlier.\n\nAlso, see the "Do not process the run once list" setting."
DisableExplorerRunLegacy="Do not process the legacy run list"
DisableExplorerRunOnceLegacy_Help="Ignores customized run-once lists.\n\nYou can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.\n\nIf you enable this setting, the system ignores the run-once list.\n\nIf you disable this setting or do not configure it, the system runs the programs in the run-once list.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nNote: Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce.\n\nAlso, see the "Do not process the legacy run list" setting."
DisableExplorerRunOnceLegacy="Do not process the run once list"
DisableFRAdminPin="Do not automatically make redirected folders available offline"
DisableFRAdminPin_Help="All redirected shell folders, such as My Documents, Desktop, Start Menu, and Application Data, are available offline by default. This setting allows you to change this behavior so that redirected shell folders are not automatically available for offline use. However, users can still choose to make files and folders available offline themselves.\n\nIf you enable this setting, the users must manually select the files they wish to be made available offline.\n\nIf you disable this setting or do not configure it, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.\n\nNote: This setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Make Available Offline" menu option in the user interface.\n\nNote: Do not enable this setting unless you are certain that users will not need access to all of their redirected files in the event that the network or server holding the redirected files becomes unavailable."
DisableLockComputer_Help="Prevents users from locking the system.\n\nWhile locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.\n\nTip:To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click "Lock Computer.""
DisableLockComputer="Remove Lock Computer"
DisableLogoff="Remove Logoff"
DisableMedia_Help="Prevents users from installing programs from removable media.\n\nIf a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears, stating that the feature cannot be found.\n\nThis setting applies even when the installation is running in the user's security context.\n\nIf you disable this setting or do not configure it, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.\n\nAlso, see the "Enable user to use media source while elevated setting" in Computer Configuration\Administrative Templates\Windows Components\Windows Installer.\n\nAlso, see the "Hide the 'Add a program from CD-ROM or floppy disk' option" setting in User Configuration\Administrative Templates\Control Panel\Add or Remove Programs."
DisableMedia="Prevent removable media source for any install"
DisableMSI_Help="Disables or restricts the use of Windows Installer.\n\nThis setting can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator.\n\nIf you enable this setting, you can use the options in the Disable Windows Installer box to establish an installation setting.\n\n-- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional and Windows XP Professional when the policy is not configured.\n\n-- The "For non-managed apps only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy is not configured.\n\n-- The "Always" option indicates that Windows Installer is disabled.\n\nThis setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs."
DisableMSI="Disable Windows Installer"
DisableNever="Never"
DisableNonManaged="For non-managed apps only"
DisableOnline="Prevent Windows Media DRM Internet Access"
DisableOnlineExplain="Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).\n\nWhen enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.\n\nWhen this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.\n\nWhen this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration."
DisablePatch_Help="Prevents users from using Windows Installer to install patches.\n\nPatches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installations prohibit their use.\n\nNote: This setting applies only to installations that run in the user's security context. By default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add or Remove Programs.\n\nAlso, see the "Enable user to patch elevated products" setting."
DisablePatch="Prohibit patching"
DisablePersonalDirChange_Help="Prevents users from changing the path to the My Documents folder.\n\nBy default, a user can change the location of the My Documents folder by typing a new path in the Target box of the My Documents Properties dialog box.\n\nIf you enable this setting, users are unable to type a new location in the Target box."
DisablePersonalDirChange="Prohibit user from changing My Documents path"
DisableRegedit_Help="Disables the Windows registry editor Regedit.exe.\n\nIf this setting is enabled and the user tries to start a registry editor, a message appears explaining that a setting prevents the action.\n\nTo prevent users from using other administrative tools, use the "Run only allowed Windows applications" setting."
DisableRegedit="Prevent access to registry editing tools"
DisableRollback_Help="Prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.\n\nThis setting prevents Windows Installer from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.\n\nThis setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this setting unless it is essential.\n\nThis setting appears in the Computer Configuration and User Configuration folders. If the setting is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder."
DisableRollback="Prohibit rollback"
DisableStatusMessages_Help="Suppresses system status messages.\n\nIf you enable this setting, the system does not display a message reminding users to wait while their system starts or shuts down, or while users log on or off."
DisableStatusMessages="Remove Boot / Shutdown / Logon / Logoff status messages"
DisableSystemPolicy_Help="Disables System Policy designed for Windows NT 4.0 and earlier.\n\nIn Windows 2000 Professional and Windows XP Professional, Group Policy replace the System Policy that System Policy Editor created on Windows NT 4.0 and earlier. However, Windows 2000 Professional and Windows XP Professional continues to support System Policy for installations that use them.\n\nIf you enable this setting, the system does not recognize or implement System Policy. However, it continues its full support for Group Policy. Note: If a computer is a member of an Active Directory, it will also not process System Policy."
DisableSystemPolicy="Disable System Policy (use Group Policy only)"
DisableTaskMgr_Help="Prevents users from starting Task Manager (Taskmgr.exe).\n\nIf this setting is enabled and users try to start Task Manager, a message appears explaining that a policy prevents the action.\n\nTask Manager lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and change the priority of the process in which programs run."
DisableTaskMgr="Remove Task Manager"
DisableUsersFromMachGP="Remove users ability to invoke machine policy refresh"
DisableUsersFromMachGP_Help="This setting allows you to control a user's ability to invoke a computer policy refresh.\n\nIf you enable this setting, users may not invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs.\n\nIf you disable or do not configure this setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user.\n\nNote: This setting only applies to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy is configured.\n\nAlso, see the "Group Policy refresh interval for computers" setting to change the policy refresh interval.\n\nNote: If you make changes to this setting, you must restart your computer for it to take effect."
DisallowApps_Help="Prevents Windows from running the programs you specify in this setting.\n\nIf you enable this setting, users cannot run programs that you add to the list of disallowed applications.\n\nThis setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs, such as Task Manager, that are started by the system process or by other processes. Also, if you permit users to gain access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer. Note: To create a list of disallowed applications, click Show, click Add, and then enter the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe)."
DisallowApps_Tip1=" "
DisallowApps_Tip2="To create a list of disallowed applications, click Show,"
DisallowApps_Tip3="then Add, and enter the application executable name"
DisallowApps="Don't run specified Windows applications"
DisallowAppsList="List of disallowed applications"
DisallowCpls_Help="Hides specified Control Panel items and folders.\n\nThis setting removes Control Panel items (such as Display) and folders (such as Fonts) from the Control Panel window and the Start menu. It can remove Control Panel items you have added to your system, as well as Control Panel items included in Windows 2000 Professional and Windows XP Professional.\n\nTo hide a Control Panel item, type the file name of the item, such as Ncpa.cpl (for Network). To hide a folder, type the folder name, such as Fonts.\n\nThis setting affects the Start menu and Control Panel window only. It does not prevent users from running Control Panel items.\n\nAlso, see the "Remove Display in Control Panel" setting in User Configuration\Administrative Templates\Control Panel\Display.\n\nIf both the "Hide specified Control Panel applets" setting and the "Show only specified Control Panel applets" setting are enabled, and the same item appears in both lists, the "Show only specified Control Panel applets" setting is ignored.\n\nNote: To find the file name of a Control Panel item, search for files with the .cpl file name extension in the %Systemroot%\System32 directory. Note: To create a list of disallowed Control Panel applets, click Show, click Add, and then enter the Control Panel file name (ends with .cpl) or the name displayed under that item in the Control Panel. (e.g., desk.cpl, powercfg.cpl, Printers and Faxes)\n\nNote: This setting does not affect the Categories that are displayed in the new Control Panel Category view in Windows XP. If you want to control which items are displayed in Control Panel, enable the "Force classic Control Panel Style" setting to remove the Category view, and then use this setting to control which .cpls are not displayed."
DisallowCpls="Hide specified Control Panel applets"
DisallowCplsList="List of disallowed Control Panel applets"
Display="Display"
DisplayErrors="Display error messages"
DLT_AllowDomainMode="Allow Distributed Link Tracking clients to use domain resources"
DLT_AllowDomainMode_Explain="Specifies that Distributed Link Tracking clients in this domain may use the Distributed LInk Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be set unless the DLT server is running on all domain controllers in the domain."
DNS_RegistrationRefreshInterval_Help="Specifies the Registration Refresh Interval of A and PTR resource records for computers to which this setting is applied. This setting may be applied to computers using dynamic update only.\n\nComputers running Windows 2000 Professional and Windows XP Professional, and configured to perform dynamic DNS registration of A and PTR resource records, periodically reregister their records with DNS servers, even if their records’ data has not changed. This reregistration is required to indicate to DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database.\n\nWarning: If the DNS resource records are registered in zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Setting the Registration Refresh Interval to longer than the Refresh Interval of the DNS zones might result in the undesired deletion of A and PTR resource records.\n\nTo specify the Registration Refresh Interval, click Enable, and then enter a value larger than 1800. Remember, this value specifies the Registration Refresh Interval in seconds, for example, 1800 seconds is 30 minutes.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_RegistrationRefreshIntervalLabel="Seconds:"
DNS_RegistrationEnabled="Dynamic Update"
DNS_RegistrationEnabled_Help="Determines if dynamic update is enabled.\n\nComputers configured for dynamic update automatically register and update their DNS resource records with a DNS server.\n\nIf you enable this setting, the computers to which this setting is applied may use dynamic DNS registration on each of their network connections, depending on the configuration of each individual network connection. For a dynamic DNS registration to be enabled on a specific network connection, it is necessary and sufficient that both computer-specific and connection-specific configurations allow dynamic DNS registration. This setting controls the computer-specific property controlling dynamic DNS registration. If you enable this setting, you allow dynamic update to be set individually for each of the network connections.\n\nIf you disable this setting, the computers to which this setting is applied may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_RegistrationOverwritesInConflict="Replace Addresses In Conflicts"
DNS_RegistrationOverwritesInConflict_Help="Determines whether a DNS client that attempts to register its A resource record should overwrite an existing A resource record or records containing conflicting IP addresses.\n\nThis setting is designed for computers that register A resource records in DNS zones that do not support Secure Dynamic Update. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.\n\nDuring dynamic update of a zone that does not use Secure Dynamic Update, a DNS client may discover that an existing A resource record associates the client’s host DNS name with an IP address of a different computer. According to the default configuration, the DNS client attempts to replace the existing A resource record with an A resource record associating the DNS name with the client’s IP address.\n\nIf you enable this setting, DNS clients attempt to replace conflicting A resource records during dynamic update.\n\nIf you disable this setting, the DNS client still performs the dynamic update of A resource records, but if the DNS client attempts to update A resource records containing conflicts, this attempt fails and an error is recorded in the Event Viewer log.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_RegisterReverseLookup="Register PTR Records"
DNS_RegisterReverseLookup_Help="Determines whether the registration of PTR resource records is enabled for the computers to which this policy is applied.\n\nBy default, DNS clients configured to perform dynamic DNS registration attempt PTR resource record registration only if they successfully registered the corresponding A resource record. "A" resource records map a host DNS name to the host IP address, and "PTR" resource records map the host IP address to the host DNS name.\n\nTo enable this setting, click Enable, and then select one of the following values:\n\nDo not register - computers never attempt PTR resource records registration.\n\nRegister - computers attempt PTR resource records registration regardless of the success of the A records registration.\n\nRegister only if A record registration succeeds – computers attempt PTR resource records registration only if they successfully registered the corresponding A resource records.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_RegisterReverseLookup_DoNotRegister="Do not register"
DNS_RegisterReverseLookup_RegisterOnlyIfASucceeds="Register only if A record registration succeeds "
DNS_Domain="Connection-Specific DNS Suffix"
DNS_Domain_Help="Specifies a connection-specific DNS suffix. This setting supersedes the connection-specific DNS suffixes set on the computers to which this setting is applied, those configured locally and those configured using DHCP.\n\nWarning: A connection-specific DNS suffix specified in this setting is applied to all the network connections used by multihomed computers to which this setting is applied.\n\nTo use this setting, click Enable, and then enter a string value representing the DNS suffix in the available field.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local or DHCP-configuration parameters."
DNS_DomainLabel="DNS Suffix:"
DNS_RegisterAdapterName="Register DNS records with connection-specific DNS suffix"
DNS_RegisterAdapterName_Help="Determines if a computer performing dynamic registration may register A and PTR resource records with a concatenation of its Computer Name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its Computer Name and the Primary DNS suffix.\n\nWarning: Enabling of this group setting is applied to all the network connections of multihomed computers to which this setting is applied.\n\nBy default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its Computer Name and the primary DNS suffix. For example, a concatenation of a Computer Name, such as "mycomputer", and the primary DNS suffix, such as "microsoft.com", would result in "mycomputer.microsoft.com".\n\nIf this setting were enabled, a computer would register A and PTR resource records with its connection-specific DNS suffix in addition to registering A and PTR resource records with the primary DNS suffix. For example, a concatenation of a Computer Name "mycomputer" and the connection specific DNS suffix "VPNconnection" would be used when registering A and PTR resource records, resulting in "mycomputer.VPNconnection". Notice that if dynamic DNS registration is disabled on a computer to which this setting is applied, then, regardless of this setting’s settings, a computer does not attempt dynamic DNS registration of A and PTR records containing a concatenation of its Computer Name and a connection-specific DNS suffix. If dynamic DNS registration is disabled on a specific network connection of a computer to which this setting is applied, then, regardless of this setting’s settings, a computer does not attempt dynamic DNS registration of A and PTR records containing a concatenation of its Computer Name and a connection-specific DNS suffix on that network connection.\n\nIf this setting is disabled, a DNS client does not register A and PTR resource records with its connection-specific DNS suffix.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_NameServer="DNS Servers"
DNS_NameServer_Help="Defines the DNS servers to which a computer sends queries when it attempts to resolve names.\n\nWarning: The list of the DNS servers defined in this setting supersedes DNS servers configured locally and those configured using DHCP. The list of DNS servers is applied to all network connections of multihomed computers to which this setting is applied.\n\nTo use this setting, click Enable, and then enter a space-delimited list of IP addresses (in dotted decimal format) in the available field. If you enable this setting, you must enter at least one IP address.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local or DHCP-configured parameters."
DNS_NameServerLabel="IP Addresses:"
DNS_SearchList="DNS Suffix Search List"
DNS_SearchList_Help="Determines the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.\n\nAn unqualified single-label name contains no dots, such as "example". This is different from a fully qualified domain name, such as "example.microsoft.com.".\n\nWith this setting enabled, when a user submits a query for a single-label name, such as "example", a local DNS client attaches a suffix, such as "microsoft.com", resulting in the query "example.microsoft.com", before sending the query to a DNS server.\n\nIf you enable this setting, you can specify the DNS suffixes to attach before submission of a query for an unqualified single-label name. The values of the DNS suffixes in this setting may be set using comma-separated strings, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com". One DNS suffix is attached for each submission of a query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and preceding to the right.\n\nIf you enable this setting, you must specify at least one suffix.\n\nIf you disable this setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_SearchListLabel="DNS Suffixes:"
DNS_UseDomainNameDevolution="Primary DNS Suffix Devolution"
DNS_UseDomainNameDevolution_Help="Determines whether the DNS client performs primary DNS suffix devolution in a name resolution process.\n\nWhen a user submits a query for a single-label name, such as "example", a local DNS client attaches a suffix, such as "microsoft.com", resulting in the query "example.microsoft.com", before sending the query to a DNS server.\n\nIf a DNS Suffix Search List is not specified, the DNS client attaches the Primary DNS Suffix to a single-label name, and, if this query fails, the Connection-Specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the Primary DNS Suffix of the computer (drops the leftmost label of the Primary DNS Suffix), attaches this devolved Primary DNS suffix to the single-label name, and submits this new query to a DNS server.\n\nFor example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label), and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further and the query example.microsoft.com is submitted. If this query fails, devolution continues and the query example.microsoft.com is submitted. The primary DNS suffix would not be devolved further because the DNS suffix has two labels, "microsoft.com". The primary DNS suffix cannot be devolved to less than two labels.\n\nIf this setting is enabled, DNS clients on the computers to which this setting is applied attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix.\n\nIf this setting is disabled, DNS clients on the computers to which this setting is applied donot attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_PrimaryDnsSuffix_Help="Specifies the primary Domain Name System (DNS) suffix for all affected computers. The primary DNS suffix is used in DNS name registration and DNS name resolution.\n\nThis setting lets you specify a primary DNS suffix for a group of computers and prevents users, including administrators, from changing it.\n\nIf you disable this setting or do not configure it, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined. However, administrators can use System in Control Panel to change the primary DNS suffix of a computer.\n\nTo use this setting, in the text box provided, type the entire primary DNS suffix you want to assign. For example, microsoft.com.\n\nThis setting does not disable the DNS Suffix and NetBIOS Computer Name dialog box that administrators use to change the primary DNS suffix of a computer. However, if administrators enter a suffix, that suffix is ignored while this setting is enabled.\n\nImportant: To make changes to this setting effective, you must restart Windows on all computers affected by the setting.\n\nNote: To change the primary DNS suffix of a computer without setting a setting, click System in Control Panel, click the Network Identification tab, click Properties, click More, and then enter a suffix in the "Primary DNS suffix of this computer" box.\n\nFor more information about DNS, see "Domain Name System (DNS)" in Help."
DNS_PrimaryDnsSuffix="Primary DNS Suffix"
DNS_PrimaryDnsSuffixBox="Enter a primary DNS suffix:"
DNS_RegistrationTtl="TTL Set in the A and PTR records"
DNS_RegistrationTtl_Help="Specifies the value for the Time-To-Live (TTL) field in A and PTR resource records registered by the computers to which this setting is applied.\n\nTo specify the TTL, click Enable, and then enter a value in seconds (for example, the value 900 is 15 minutes).\n\nIf this setting is not configured, it is not applied to any computer."
DNS_RegistrationTtlLabel="Seconds:"
DNS_UpdateSecurityLevel="Update Security Level"
DNS_UpdateSecurityLevel_Help="Specifies whether the computers to which this setting is applied use secure dynamic update or standard dynamic update for registration of DNS records.\n\nTo enable this setting, click Enable, and then choose one of the following values.\n\nUnsecure followed by secure - if this option is chosen, computers send secure dynamic updates only when nonsecure dynamic updates are refused.\n\nOnly Unsecure - if this option is chosen, computers send only nonsecure dynamic updates.\n\nOnly Secure - if this option is chosen, computers send only secure dynamic updates.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DNS_UpdateSecurityLevel_UnsecureFollowedBySecure="Unsecure followed by Secure"
DNS_AppendToMultiLabelName="Append DNS Suffixes to resolve multi-label names"
DNS_AppendToMultiLabelName_Help="Determines whether local a DNS client should attach DNS suffixes to a multi-label, non-dot-terminated name prior to submission of a DNS query for that name.\n\nA multi-label, non-dot-terminated name contains at least one dot, but not as its first or last character, for example, "www.microsoft.com".\n\nWith this setting enabled, when a user submits a query for a multi-label, non-dot-terminated name, such as "www.microsoft.com", a local DNS client attempts to resolve the name as is, that is, as "www.microsoft.com." or "www.hr". If such name resolution fails, then DNS client attaches a suffix, such as "microsoft.com" or "example.net", resulting in the query "www.microsoft.com.microsoft.com." or "www.hr.example.net", and sends the query to a DNS server.\n\nWith this setting disabled, when a user submits a query for a multi-label, non-dot-terminated name, such as "www.microsoft.com" or "www.hr", a local DNS client attempts to resolve the name only as is, that is, as "www.microsoft.com." or "www.hr". Regardless of the query result, the DNS client does not attempt to attach any DNS suffix to the specified name, and it resolves the query for the concatenated name.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration.
DNS_UpdateTopLevelDomainZones="Update Top Level Domain Zones"
DNS_UpdateTopLevelDomainZones_Help="Specifies whether the computers to which this setting is applied may send dynamic updates to the zones named with a single label name, also known as top-level domain zones, for example, "com".\n\nBy default, a DNS client configured to perform dynamic DNS update sends dynamic updates to the DNS zone that is authoritative for its DNS resource records, unless the authoritative zone is a top-level domain and root zone.\n\nIf this setting is enabled, computers to which this policy is applied send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone.\n\nIf this setting is disabled, computers to which this policy is applied do not send dynamic updates to the root and/or top-level domain zones that are authoritative for the resource records that the computer needs to update.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
DOnly="Restrict D drive only"
DownlevelBrowse_Help="Allows users to use the Add Printer Wizard to search the network for shared printers.\n\nIf you enable this setting or do not configure it, when users choose to add a network printer by selecting the "A network printer, or a printer attached to another computer" radio button on Add Printer Wizard's page 2, and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list.\n\nIf you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users cannot search the network but must type a printer name.\n\nNote: This setting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect to network printers."
DownlevelBrowse="Browse the network to find printers"
Do_not_display_Manage_Your_Server_page="Do not display Manage Your Server page at logon"
Do_not_display_Manage_Your_Server_page_Explain="Specifies whether to turn off the automatic display of the Manage Your Server page.\n\n If the status is set to Enabled, the Manage Your Server page does not appear each time an administrator logs on to the server.\n\n If the status is set to Disabled or Not Configured, the Manage Your Server page does appear each time an administrator logs on to the server. However, if the administrator has selected the “Don’t display this page at logon” check box at the bottom of the Manage Your Server page, the page will not appear.\n\n Regardless of this setting's status, the Manage Your Server page is still available from the Start menu."
DQ_Enable_Help="Enables and disables disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.\n\nIf you enable this setting, disk quota management is enabled, and users cannot disable it.\n\nIf you disable the setting, disk quota management is disabled, and users cannot enable it.\n\nIf this setting is not configured, disk quota management is disabled by default, but administrators can enable it.\n\nTo prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.\n\nNote: This setting enables disk quota management but does not establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" setting. Otherwise, the system uses the physical space on the volume as the quota limit.\n\nNote: To enable or disable disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click the "Enable quota management" option."
DQ_Enable="Enable disk quotas"
DQ_Enforce_Help="Determines whether disk quota limits are enforced and prevents users from changing the setting.\n\nIf you enable this setting, disk quota limits are enforced. If you disable this setting, disk quota limits are not enforced. When you enable or disable the setting, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot make changes while the setting is in effect.\n\nIf the setting is not configured, the disk quota limit is not enforced by default, but administrators change the setting.\n\nEnforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write to the volume as long as physical space is available.\n\nNote: This setting overrides user settings that enable or disable quota enforcement on their volumes.\n\nNote: To specify a disk quota limit, use the "Default quota limit and warning level" setting. Otherwise, the system uses the physical space on the volume as the quota limit."
DQ_Enforce="Enforce disk quota limit"
DQ_Limit_Help="Specifies the default disk quota limit and warning level for new users of the volume.\n\nThis setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.\n\nThis setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.\n\nThis setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).\n\nIf you disable this setting or do not configure it, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level.\n\nWhen you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group.\n\nThis setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume."
DQ_Limit="Default quota limit and warning level"
DQ_LimitLabel="Default quota limit:"
DQ_LimitTip1="Specify a quota limit and warning level applied to users when"
DQ_LimitTip2="they first write to a quota-enabled volume."
DQ_LimitUnits="Units"
DQ_LimitValue="Value"
DQ_LogEventOverLimit_Help="Determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.\n\nIf you enable this setting, the system records an event when the user reaches their limit. If you disable this setting, no event is recorded. Also, when you enable or disable this setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting while a setting is in effect.\n\nIf the setting is not configured, no events are recorded, but administrators can use the Quota tab option to change the setting.\n\nThis setting is independent of the enforcement settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit.\n\nAlso, this setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit, because their status in the Quota Entries window changes.\n\nNote: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab."
DQ_LogEventOverLimit="Log event when quota limit exceeded"
DQ_LogEventOverThreshold_Help="Determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.\n\nIf you enable this setting, the system records an event. If you disable this setting, no event is recorded. When you enable or disable the setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab, so that administrators cannot change logging while a setting is in effect.\n\nIf the setting is not configured, no event is recorded, but administrators can use the Quota tab option to change the logging setting.\n\nThis setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes.\n\nNote: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab."
DQ_LogEventOverThreshold="Log event when quota warning level exceeded"
DQ_RemovableMedia_Help="Extends the disk quota policies in this folder to NTFS file system volumes on removable media.\n\nIf you disable this setting or do not configure it, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. Note: When this setting is applied, the computer will apply the disk quota to both fixed and removable media."
DQ_RemovableMedia="Apply policy to removable media"
DQ_ThresholdLabel="Default warning level:"
DQ_ThresholdUnits="Units"
DQ_ThresholdValue="Value"
DQ_UnitsEB="EB"
DQ_UnitsGB="GB"
DQ_UnitsKB="KB"
DQ_UnitsMB="MB"
DQ_UnitsPB="PB"
DQ_UnitsTB="TB"
DragAndDrop="Prohibit Drag-and-Drop"
DragAndDropHelp="Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.\n\nThis setting disables the Cut, Copy, Paste, and Paste shortcut items on the context menu and the Edit menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks folder.\n\nAs a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks folder.\n\nThis setting does not prevent users from using other methods to create new tasks, and it does not prevent users from deleting tasks.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
DriverSearchPlaces_Help="This setting configures the location that Windows searches for drivers when a new piece of hardware is found.\n\nBy default, Windows searches the following places for drivers: local installation, floppy drives, CD-ROM drives, Windows Update.\n\nUsing this setting, you may remove any or all of these from the search algorithm.\n\nIf you enable this setting, you can remove any of the three locations by selecting the associated check box beside the location name.\n\nIf you disable or do not configure this setting, Windows searches the location installation, floppy drives, CD-ROM drives, and Windows Update for drivers."
DriverSearchPlaces_Floppies="Don't search floppy disk drives"
DriverSearchPlaces_WindowsUpdate="Don't search Windows Update"
DriverSign_Block="Block"
DriverSign_None="Ignore"
DriverSign_Warn="Warn"
DriverSigning_Help="Determines how the system responds when a user tries to install device driver files that are not digitally signed.\n\nThis setting establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established.\n\nWhen you enable this setting, use the drop-down box to specify the desired response.\n\n-- "Ignore" directs the system to proceed with the installation even if it includes unsigned files.\n\n-- "Warn" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. "Warn" is the default.\n\n-- "Block" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed.\n\nTo change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button."
DriverSigning="Code signing for device drivers"
DriverSigningOp="When Windows detects a driver file without a digital signature:"
EE_EnablePersistentTimeStamp="Enable Persistent Time Stamp"
EE_EnablePersistentTimeStamp_Help="The Persistent System Timestamp allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.\n\nIf you enable this setting, the Persistent System Timestamp will be refreshed according to the Timestamp Interval.\n\nIf you disable this setting, the Persistent System Timestamp will be turned off and the timing of unexpected shutdowns will not be detected.\n\nIf you do not configure this setting, the default behavior will occur.\n\nNote: By default, the Persistent System Timestamp is refreshed every 60 seconds on the Windows Server 2003 family. This feature may interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel."
EE_EnablePersistentTimeStamp_Desc1="The setting allows you to customize how often the
EE_EnablePersistentTimeStamp_Desc2="Persistent System Time Stamp is written to the disk."
EE_EnablePersistentTimeStamp_Desc3="The range is 1 to 86400 seconds (1 day).
EE_EnablePersistentTimeStamp_Desc4="Seconds: "
EnableAdminTSRemote_Help="Allows Terminal Services administrators to install and configure programs remotely.\n\nBy default, system administrators can install programs only when system administrators are logged on to the computer on which the program is being installed. This setting creates a special exception for computers running Terminal Services.\n\nThis setting affects system administrators only. Other users cannot install programs remotely."
EnableAdminTSRemote="Allow admin to install from Terminal Services session"
EnableSlowLinkDetect_Help="Disables the slow link detection feature.\n\nSlow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link, the related settings in this folder tell the system how to respond.\n\nIf you enable this setting, the system does not detect slow connections or recognize any connections as being slow. As a result, the system does not respond to slow connections to user profiles, and it ignores the settings that tell the system how to respond to a slow connection.\n\nIf you disable this setting or do not configure it, slow link detection is enabled. The system measures the speed of the connection between the user's computer and profile server. If the connection is slow (as defined by the "Slow network connection timeout for user profiles" setting), the system applies the other settings set in this folder to determine how to proceed. By default, when the connection is slow, the system loads the local copy of the user profile."
EnableSlowLinkDetect="Do not detect slow network connections"
EnableSlowLinkUI="Prompt user when slow link is detected"
EnableSlowLinkUI_Help="Notifies users when their roaming profile is slow to load. The notice lets users decide whether to use a local copy or to wait for the roaming user profile.\n\nIf you disable this setting or do not configure it, when a roaming user profile is slow to load, the system does not consult the user. Instead, it loads the local copy of the profile. If you have enabled the "Wait for remote user profile" setting, the system loads the remote copy without consulting the user.\n\nThis setting and related settings in this folder together define the system's response when roaming user profiles are slow to load.\n\nTo adjust the time within which the user must respond to this notice, use the "Timeout for dialog boxes" setting.\n\nImportant: If the "Do not detect slow network connections" setting is enabled, this setting is ignored. Also, if the "Delete cached copies of roaming profiles" setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection."
EnableUserControl_Help="Permits users to change installation options that typically are available only to system administrators.\n\nThis setting bypasses some of the security features of Windows Installer. It permits installations to complete that otherwise would be halted due to a security violation.\n\nThe security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed. If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.\n\nThis setting is designed for less restrictive environments. It can be used to circumvent errors in an installation program that prevents software from being installed."
EnableUserControl="Enable user control over installs"
EnforcePoliciesOnly="Enforce Show Policies Only"
EnforcePoliciesOnly_Help="Prevents administrators from viewing or using Group Policy preferences.\n\nA Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.\n\nIf you enable this setting, the "Show Policies Only" command is turned on, and administrators cannot turn it off. As a result, Group Policy Object Editor displays only true settings; preferences do not appear.\n\nIf you disable this setting or do not configure it, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command.\n\nNote: To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates folder (either one), right-click the same folder, and then point to "View."\n\nIn Group Policy Object Editor, preferences have a red icon to distinguish them from true settings, which have a blue icon."
EnforceShellExtensionSecurity_Help="This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine.\n\nA shell extension only runs if there is an entry in at least one of the following locations in registry.\n\nFor shell extensions that have been approved by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.\n\nFor shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved."
EnforceShellExtensionSecurity="Allow only per user or approved shell extensions"
Exclude_Tip1="You can enter multiple directory names, semi-colon separated,"
Exclude_Tip2="all relative to the root of the user's profile"
ExcludeDirectories_Help="Lets you add to the list of folders excluded from the user's roaming profile.\n\nThis setting lets you exclude folders that are normally included in the user's profile. As a result, these folders do not need to be stored by the network server on which the profile resides and do not follow users to other computers.\n\nBy default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile.\n\nIf you enable this setting, you can exclude additional folders.\n\nIf you disable this setting or do not configure it, only the default folders are excluded.\n\nNote: You cannot use this setting to include the default folders in a roaming user profile."
ExcludeDirectories="Exclude directories in roaming profile"
ExcludeMessage="Prevent the following directories from roaming with the profile:"
Execution="Prevent Task Run or End"
ExecutionHelp="Prevents users from starting and stopping tasks manually.\n\nThis setting removes the Run and End Task items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.\n\nNote: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
ExplorerWindow="Windows Explorer window"
ForceActiveDesktopOn_Help="Enables Active Desktop and prevents users from disabling it.\n\nThis setting prevents users from trying to enable or disable Active Desktop while a policy controls it.\n\nIf you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.\n\nNote: If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting ( in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored."
ForceActiveDesktopOn_Tip="Allows HTML and JPEG Wallpaper"
ForceActiveDesktopOn="Enable Active Desktop"
ForceClassicControlPanel="Force classic Control Panel Style"
ForceClassicControlPanel_Help="This setting affects the visual style and presentation of the Control Panel.\n\nIt allows you to disable the new style of Control Panel, which is task-based, and use the Windows 2000 style, referred to as the "classic" Control Panel. The new Control Panel, referred to as the "simple" Control Panel, simplifies how users interact with settings by providing easy-to-understand tasks that help users get their work done quickly. The Control Panel allows the users to configure their computer, add or remove programs, and change settings.\n\nIf you enable this setting, Control Panel sets the classic Control Panel. The user cannot switch to the new simple style.\n\nIf you disable this setting, Control Panel is set to the task-based style. The user cannot switch to the classic Control Panel style.\n\nIf you do not configure it, the default is the task-based style, which the user can change."
ForceStartMenuLogoff_Help="Adds the "Log Off <username>" item to the Start menu and prevents users from removing it.\n\nIf you enable this setting, the Log Off <username> item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off <username> item from the Start Menu.\n\nIf you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.\n\nThis setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.\n\nNote: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.\n\nAlso, see "Remove Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff."
ForceStartMenuLogoff="Add Logoff to the Start Menu"
DiskQuota="Disk Quotas"
GPDCOptionAny="Use any available domain controller"
GPDCOptionInherit="Inherit from Active Directory Snap-ins"
GPDCOptions_Help="Determines which domain controller the Group Policy Object Editor snap-in uses.\n\n-- "Use the Primary Domain Controller" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller designated as the PDC Operations Master for the domain.\n\n-- "Inherit from Active Directory Snap-ins" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller that Active Directory Users and Computers or Active Directory Sites and Services snap-ins use.\n\n-- "Use any available domain controller" indicates that the Group Policy Object Editor snap-in can read and write changes to any available domain controller.\n\nIf you disable this setting or do not configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain.\n\nNote: To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click "Operations Masters.""
GPDCOptionsDesc="When Group Policy Object Editor is selecting a domain controller to use, it should:"
GPOnly_Tip1="The System.adm file you have loaded requires Group Policy Object Editor"
GPOnly_Tip2="You cannot use the System Policy Editor"
GPOnly_Tip3="to display Group Policy settings."
GPOnly_Tip4=" "
GPOnly_Tip5="Refer to the Group Policy White Paper for more information."
GPOnly="Unsupported Administrative Templates"
GPOnlyPolicy="System.adm"
GPO_Script_Tip="Range is 0 to 32000, use 0 for infinite wait time"
GPRefreshRate_C_Desc1="This setting allows you to customize how often Group Policy is applied"
GPRefreshRate_C_Desc2="to computers. The range is 0 to 64800 minutes (45 days)."
GPRefreshRate_DC_Desc1="This setting allows you to customize how often Group Policy is applied"
GPRefreshRate_DC_Desc2="to domain controllers. The range is 0 to 64800 minutes (45 days)."
GPRefreshRate_U_Desc1="This setting allows you to customize how often Group Policy is applied"
GPRefreshRate_U_Desc2="to users. The range is 0 to 64800 minutes (45 days)."
GPRefreshRate="Minutes:"
GPRefreshRateOffset_Desc1="This is a random time added to the refresh interval to prevent"
GPRefreshRateOffset_Desc2="all clients from requesting Group Policy at the same time."
GPRefreshRateOffset_Desc3="The range is 0 to 1440 minutes (24 hours)"
GPRefreshRateOffset="Minutes:"
GPTransferRate_Help="Defines a slow connection for purposes of applying and updating Group Policy.\n\nIf the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.\n\nThe system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' specified responses to slow links.\n\nTo use this setting, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200 (0xFFFFFFA0), indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.\n\nIf you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second.\n\nThis setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.\n\nAlso, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used."
GPTransferRate="Group Policy slow link detection"
GreyMSIAds="Gray unavailable Windows Installer programs Start Menu shortcuts"
GreyMSIAds_Help="Displays Start menu shortcuts to partially installed programs in gray text.\n\nThis setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.\n\nPartially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use.\n\nIf you disable this setting or do not configure it, all Start menu shortcuts appear as black text.\n\nNote: Enabling this setting can make the Start menu slow to open."
GroupPolicyRefreshRate_Help="Specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configuration folder.\n\nIn addition to background updates, Group Policy for the computer is always updated when the system starts.\n\nBy default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.\n\nYou can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" policy.\n\nThe Group Policy refresh interval for computers policy also lets you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly.\n\nThis setting establishes the update rate for computer Group Policy. To set an update rate for user policies, use the "Group Policy refresh interval for users" setting (located in User Configuration\Administrative Templates\System\Group Policy).\n\nThis setting is only used when the "Turn off background refresh of Group Policy" setting is not enabled.\n\nNote: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere with tasks in progress."
GroupPolicyRefreshRate="Group Policy refresh interval for computers"
GroupPolicyRefreshRateDC_Help="Specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts.\n\nBy default, Group Policy on the domain controllers is updated every five minutes.\n\nYou can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.\n\nThis setting also lets you specify how much the actual update interval varies. To prevent domain controllers with the same update interval from requesting updates simultaneously, the system varies the update interval for each controller by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that update requests overlap. However, updates might be delayed significantly.\n\nNote: This setting is used only when you are establishing policy for a domain, site, organizational unit (OU), or customized group. If you are establishing policy for a local computer only, the system ignores this setting."
GroupPolicyRefreshRateDC="Group Policy refresh interval for domain controllers"
GroupPolicyRefreshRateUser_Help="Specifies how often Group Policy for users is updated while the computer is in use (in the background). This setting specifies a background update rate only for the Group Policies in the User Configuration folder.\n\nIn addition to background updates, Group Policy for users is always updated when users log on.\n\nBy default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.\n\nYou can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.\n\nThis setting also lets you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly.\n\nImportant: If the "Turn off background refresh of Group Policy" setting is enabled, this setting is ignored.\n\nNote: This setting establishes the update rate for user Group Policies. To set an update rate for computer Group Policies, use the "Group Policy refresh interval for computers" setting (located in Computer Configuration\Administrative Templates\System\Group Policy).\n\nTip: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs a user can run, might interfere with tasks in progress."
GroupPolicyRefreshRateUser="Group Policy refresh interval for users"
HelpQualifiedRootDir_Comp="Restrict potentially unsafe HTML Help functions to specified folders"
HelpQualifiedRootDir="Restrict potentially unsafe HTML Help functions to specified folders"
HelpQualifiedRootDir_Edit="Enter folder names separated by semi-colons:"
HelpQualifiedRootDir_Help="With this policy, you can restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy.\n\nThe "Shortcut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file.\n\nWhen this policy is disabled, or not configured, these commands are fully functional for all Help files. \n\nWhen this policy is enabled, the commands will function only for .chm files in the specified folders and their subfolders. \n\nTo restrict the commands to one or more folders, enable the policy and enter the desired folders in the text box on the settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder".\n\nTo disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy and leave the text box on the settings tab of the Policy Properties dialog box blank.\n\nNote: An environment variable may be used, (for example, %windir%), so long as it is defined on the system. For example, %programfiles% is not defined on some early versions of Windows.\n\nNote: Only folders on the local computer can be specified in this policy. You cannot use this policy to enable the "Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths.\n\nFor additional options, see the "Restrict these programs from being launched from Help" policy."
HSS_HelpCenterPolicies="Help and Support Center"
HSS_HeadlinesPolicy="Do not allow "Did you know" content to appear"
HSS_HeadlinesPolicy_Explain="Specifies whether to display the dynamically updated "Did you know" content on the home page of Help and Support Center. \n\nThis policy lets you remove the "Did you know" section of content from the home page of Help and Support Center. This content is dynamically updated when users are connected to the Internet, and provides up-to-date information about Windows, the computer, or other helpful topics. \n\nIf you enable this policy, Help and Support Center will no longer display the "Did you know" content. \n\nIf you disable this policy or do not configure it, Help and Support Center displays the "Did you know" content according to the system’s setting. \n\nYou might want to enable this policy for users who do not have Internet access, as the content in the "Did you know" section will remain static indefinitely without an Internet connection."
IIS="Internet Information Services"
ImmortalPrintQueue_Help="Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer.\n\nBy default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects.\n\nIf you enable this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond.\n\nIf you disable this setting, the domain controller does not prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network.\n\nNote: You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the contact interval and number of contact attempts."
ImmortalPrintQueue="Allow pruning of published printers"
IncludeRegInProQuota="Include registry in file list"
Intellimenus_Help="Disables personalized menus.\n\nWindows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.\n\nIf you enable this setting, the system does not personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users do not try to change the setting while a setting is in effect.\n\nNote: Personalized menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menus and ignores this setting.\n\nTip: To Turn off personalized menus without specifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus" option."
Intellimenus="Turn off personalized menus"
IntranetPrintersUrl_Help="Adds a link to an Internet or intranet Web page to the Add Printer Wizard.\n\nYou can use this setting to direct users to a Web page from which they can install printers.\n\nIf you enable this setting and type an Internet or intranet address in the text box, the system adds a Browse button to the "Specify a Printer" page in the Add Printer Wizard. The Browse button appears beside the "Connect to a printer on the Interner or on a home or office network" option. When users click Browse, the system opens an Internet browser and navigates to the specified URL address to display the available printers.\n\nThis setting makes it easy for users to find the printers you want them to add.\n\nAlso, see the "Custom support URL in the Printers folder's left pane" and "Web-based printing" settings in Computer Configuration\Administrative Templates\Printers."
IntranetPrintersUrl_Link="Printers Page URL"
IntranetPrintersUrl_Tip1="Enable this option to add a browse button for Internet printers "
IntranetPrintersUrl_Tip2="in the Add Printer Wizard. Use this setting to allow users browsing "
IntranetPrintersUrl_Tip3="the company's Intranet for printers. For example, you can "
IntranetPrintersUrl_Tip4="specify a URL like: http://www.company.com/printers. "
IntranetPrintersUrl_Tip5="To enable this option, the edit box below should not be empty."
IntranetPrintersUrl="Browse a common web site to find printers"
KMPrintersAreBlocked_Help="Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors.\n\nIf you disable this setting, or do not configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional.\n\nIf you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked.\n\nIf you enable this setting, installation of a printer using a kernel-mode driver will not be allowed. \n\nNote: By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not affect 64-bit Itanium computers, because kernel-mode drivers cannot be installed on Intel 64-bit Itanium computers."
KMPrintersAreBlocked="Disallow installation of printers using kernel-mode drivers"
Lbl_AlwaysPinSubFoldersHelp1="Ensures all subfolders are available offline when a folder is made"
Lbl_AlwaysPinSubFoldersHelp2="available for offline use."
Lbl_AssignedOfflineFilesHelp1="Specify network files and folders that are always available offline."
Lbl_AssignedOfflineFilesHelp2="In the name field, type a fully-qualified UNC path for each file or folder. "
Lbl_AssignedOfflineFilesHelp3="Do not enter a value for the item."
Lbl_AssignedOfflineFilesList="Files and Folders: "
Lbl_CustomGoOfflineActionsHelp1="Specify non-default actions for servers that become unavailable."
Lbl_CustomGoOfflineActionsHelp2="Enter a server name paired with an action value listed below."
Lbl_CustomGoOfflineActionsHelp3="Values:"
Lbl_CustomGoOfflineActionsHelp4="0 = Work offline. Server's files are available to local computer"
Lbl_CustomGoOfflineActionsHelp5="1 = Never go offline. Server's files are unavailable to local computer"
Lbl_EventLoggingLevelHelp4="3 = Level 2 + log 'server available for reconnection'"
Lbl_EventLoggingLevelSpin="Enter [0-3]: "
Lbl_ExtExclusionListEdit="Extensions: "
Lbl_ExtExclusionListHelp1="Files may be excluded from caching on auto-cache shared folders based"
Lbl_ExtExclusionListHelp2="on their extension. Enter a list of extensions to be excluded. Extensions"
Lbl_ExtExclusionListHelp3="must be preceded by an asterisk and period. "e.g. *.dbf;*.ndx;*.lnk"
Lbl_Fail="Never go offline"
Lbl_FullSync="Full"
Lbl_GoOfflineActionCombo="Action: "
Lbl_GoOfflineActionHelp1="Specify how the system is to respond when a network server"
Lbl_GoOfflineActionHelp2="becomes unavailable."
Lbl_GoOfflineActionHelp3="Never go offline = Server's files are unavailable to local computer"
Lbl_GoOfflineActionHelp4="Work offline = Server's files are available to local computer"
Lbl_NoConfigCacheHelp1="Prevents users from changing any cache configuration settings."
Lbl_NoPinFilesHelp1="Click on Show and enter a UNC path for each file or folder"
Lbl_NoPinFilesList="Files and Folders: "
Lbl_PurgeOnlyAutoCachedFiles="Delete only the temporary offline files."
Lbl_PurgeAtLogoffHelp1="Causes the local copy of any offline file accessed by the user"
Lbl_PurgeAtLogoffHelp2="to be deleted when the user logs off of the computer."
Lbl_QuickSync="Quick"
Lbl_ReminderFreqHelp1="Number of minutes between reminder balloons"
Lbl_ReminderFreqSpin="Minutes: "
Lbl_ReminderInitTimeoutHelp1="Sets the lifetime of the initial notification balloon displayed"
Lbl_ReminderInitTimeoutHelp2="when an Offline Files event occurs."
Lbl_ReminderInitTimeoutSpin="Seconds: "
Lbl_ReminderTimeoutHelp1="Sets the lifetime of the balloon displayed periodically reminding"
Lbl_ReminderTimeoutHelp2="users of the current condition of Offline Files."
Lbl_ReminderTimeoutSpin="Seconds: "
Lbl_SlowLinkSpeed_Help1="Value entered is [ bps / 100 ] --> Example: 128,000bps, enter 1280"
Lbl_SlowLinkSpeedSpin="Value: "
Lbl_WorkOffline="Work offline"
LimitSize_Help="Sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size.\n\nIf you disable this setting or do not configure it, the system does not limit the size of user profiles.\n\nIf you enable this setting, you can do the following:\n\n-- Set a maximum permitted user profile size;\n\n-- Determine whether the registry files are included in the calculation of the profile size;\n\n-- Determine whether users are notified when the profile exceeds the permitted maximum size;\n\n-- Specify a customized message notifying users of the oversized profile;\n\n-- Determine how often the customized message is displayed.\n\nNote: This setting affects both local and roaming profiles."
LimitSize="Limit profile size"
LinkResolveIgnoreLinkInfo_Help="Determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.\n\nShortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server.\n\nIf you enable this setting, Windows only searches the current target path. It does not search for the original path even when it cannot find the target file in the current target path."
LinkResolveIgnoreLinkInfo="Do not track Shell shortcuts during roaming"
LoadBalance="Load balancing"
LocalProfile="Only allow local user profiles"
LocalProfile_Help="This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.\n\nUsing the setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.\n\nIf you enable this setting, the following occurs on the affected computer: At first logon, the user receives a new local profile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile. \n\nIf you disable this setting or do not configure it, the default behavior occurs, as indicated above.\n\nIf you enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local user profiles" setting, roaming profiles are disabled.\n\nNote: This setting only affects roaming profile users."
LockTaskbar="Lock the Taskbar"
LockTaskbar_Help="This setting effects the taskbar, which is used to switch between running applications.\n\nThe taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized.\n\nIf you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties.\n\nIf you disable this setting or do not configure it, the user can configure the taskbar position.\n\nNote: Enabling this setting also locks the quicklaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu."
Logon="Logon"
LogonType="Always use classic logon"
LogonType_Help="This setting forces the user to log on to the computer using the classic logon screen. By default, a workgroup is set to use the simple logon screen. This setting only works when the computer is not on a domain."
Readonlyuserprofile="Prevent Roaming Profile changes from propagating to the server"
Readonlyuserprofile_Help="This setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.\n\nBy default, when a roaming profile user logs on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similiarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.\n\nUsing the setting, you can prevent changes made to a roaming profile on a particular computer from being persisted.\n\nIf you enable this setting, the following occurs on the affected computer: At login, the user receives their roaming profile. But, any changes a user makes to their profile will not be merged to their roaming profile when they log off.\n\nIf this setting is disabled or not configured, the default behavior occurs, as indicated above.\n\nNote: This setting only affects roaming profile users."
MaxGPOScriptWait="Seconds:"
MaxGPOScriptWaitPolicy_Help="Determines how long the system waits for scripts applied by Group Policy to run.\n\nThis setting limits the total time allowed for all logon, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event.\n\nBy default, the system lets the combined set of scripts run for up to 600 seconds (10 minutes), but you can use this setting to adjust this interval.\n\nTo use this setting, in the Seconds box, type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0.\n\nThis interval is particularly important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop.\n\nAn excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely."
MaxGPOScriptWaitPolicy="Maximum wait time for Group Policy scripts"
MaxRecentDocs_Help="Determines how many shortcuts the system can display in the Documents menu on the Start menu.\n\nThe Documents menu contains shortcuts to the nonprogram files the user has most recently opened. By default, the system displays shortcuts to the 10 most recently opened documents."
MaxRecentDocs="Maximum number of recent documents"
MemCheckBoxInRunDlg_Help="Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.\n\nAll DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously.\n\nEnabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box."
MemCheckBoxInRunDlg="Add "Run in Separate Memory Space" check box to Run dialog box"
MMC_ActiveDirDomTrusts="Active Directory Domains and Trusts"
MMC_ActiveDirSitesServices="Active Directory Sites and Services"
MMC_ActiveDirUsersComp="Active Directory Users and Computers"
MMC_GroupPolicyTab="Group Policy tab for Active Directory Tools"
MMC_GroupPolicyTab_Explain="Permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.\n\nIf you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit diplayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.\n\nIf this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed.\n\n-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab.\n\n To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible.\n\n-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab.\n\n To explicitly prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible.\n\nWhen the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit property sheets."
MMC_GroupPolicy_RSoPSnapin="Resultant Set of Policy snap-in extensions"
MMC_LogicalMappedDrives="Logical and Mapped Drives"
MMC_OSPFRouting="OSPF Routing"
MMC_PerfLogsAlerts="Performance Logs and Alerts"
MMC_PublicKey="Public Key Policies"
MMC_QoSAdmission="QoS Admission Control"
MMC_RRA="Routing and Remote Access"
MMC_RAS_DialinUser="RAS Dialin - User Node"
MMC_RemoteAccess="Remote Access"
MMC_RemStore="Removable Storage"
MMC_Restrict_Author="Restrict the user from entering author mode"
MMC_restrict_Author_Explain="Prevents users from entering author mode.\n\nThis setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.\n\nAs a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.\n\nThis setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt.\n\nIf you disable this setting or do not configure it, users can enter author mode and open author-mode console files."
MMC_Restrict_Explain="Permits or prohibits use of this snap-in.\n\nIf you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.\n\nIf this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.\n\n-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.\n\n To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.\n\n-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.\n\n To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear."
MMC_Restrict_To_Permitted_Snapins="Restrict users to the explicitly permitted list of snap-ins"
MMC_restrict_To_Permitted_Snapins_Explain="Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.\n\n-- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.\n\n To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited.\n\n-- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.\n\n To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.\n\nNote: If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins."
MMC_RESTRICT="Restricted/Permitted snap-ins"
MMC_ResultantSetOfPolicySnapIn="Resultant Set of Policy snap-in"
MSILogging_Help="Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume.\n\nWhen you enable this setting, you can specify the types of events you want Windows Installer to record. To indicate that an event type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event types as you want.\n\nTo disable logging, delete all of the letters from the box.\n\nIf you disable this setting or do not configure it, Windows Installer logs the default event types, represented by the letters "iweap.""
MSILogging="Logging"
MSILoggingT1="To activate logging, enter one or more of the modes below."
MSILoggingT10="m - Out-of-memory"
MSILoggingT11="p - Terminal properties"
MSILoggingT12="v - Verbose output"
MSILoggingT13="o - Out of disk space messages"
MSILoggingT2=""iwearucmpvo" will log everything but adds time to the install."
MSILoggingT3="i - Status messages"
MSILoggingT4="w - Non-fatal warnings"
MSILoggingT5="e - All error messages"
MSILoggingT6="a - Start up of actions"
MSILoggingT7="r - Action-specific records"
MSILoggingT8="u - User requests"
MSILoggingT9="c - Initial UI parameters"
MSI_AllowUser="Allow User Installs"
MSI_DisableUserInstalls="Prohibit User Installs"
MSI_DisableUserInstalls_Help="This setting allows you to configure user installs. To configure this setting, set it to enabled and use the drop-down list to select the behavior you want.\n\nIf this setting is not configured, or if the setting is enabled and "Allow User Installs" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, this hides a per-computer installation of that same product.\n\nIf this setting is enabled and "Hide User Installs" is selected, the installer ignores per-user applications. This causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in their user profile.\n\nIf this setting is enabled and "Prohibit User Installs" is selected, the installer prevents applications from being installed per user, and it ignores previously installed per-user applications. An attempt to perform a per-user installation causes the installer to display an error message and stop the installation. This setting is useful in environments where the administrator only wants per-computer applications installed, such as on a kiosk or a Windows Terminal Server."
MSI_DisAllowUser="Prohibit User Installs"
MSI_DisableSRCheckPoints="Turn off creation of System Restore Checkpoints"
MSI_DisableSRCheckPoints_Help="System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application.\n\nIf you enable this setting, the windows Installer does not generate System Restore checkpoints when installing applications.\n\nIf you disable this setting or do not configure it, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed.\n\nNote: This setting only applies to Windows XP Professional."
NC_RenameConnection_Help="Determines whether users can rename LAN or all user remote access connections.\n\nIf you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu.\n\nIf you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disabled for all users (including Administrators and Network Configuration Operators).\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf this setting is not configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections.\n\nNote: When configured, this setting always takes precedence over the "Ability to rename LAN connections" and "Ability to rename all user remote access connections" settings.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections."
NC_RenameConnection="Ability to rename LAN connections or remote access connections available to all users"
NC_LanChangeProperties_Help="Determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.\n\nThis setting determines whether the Properties button for components of a LAN connection is enabled.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections settings for Administrators" setting.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Properties button is enabled for administrators and Network Configuration Operators.\n\nThe Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.\n\nNote: Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.\n\nNote: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components.\n\nNote: Network Configuration Operators only have permission to change TCP/IP properties. Properties for all other components are unavailable to these users.\n\nNote: Nonadministrators are already prohibited from accessing properties of components for a LAN connection, regardless of this setting."
NC_LanChangeProperties="Prohibit access to properties of components of a LAN connection"
NC_RasChangeProperties_Help="Determines whether users can view and change the properties of components used by a private or all-user remote access connection.\n\nThis setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including administrators).\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Properties button is enabled for all users.\n\nThe Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.\n\nNote: Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.\n\nNote: When the "Ability to change properties of an all user remote access connection" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_RasChangeProperties="Prohibit access to properties of components of a remote access connection"
NC_ShowSharedAccessUI_Help="Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.\n\nImportant: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.\n\nICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network.\n\nIf you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.\n\nIf you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.)\n\nBy default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.\n\nNote: Internet Connection Sharing is only available when two or more network connections are present.\n\nNote: When the "Prohibit access to properties of a LAN connection," "Ability to change properties of an all user remote access connection," or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Connection Properties dialog box, the Advanced tab for the connection is blocked.\n\nNote: Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting."
NC_ShowSharedAccessUI="Prohibit use of Internet Connection Sharing on your DNS domain network"
NC_PersonalFirewallConfig_Help="Prohibits use of Internet Connection Firewall on your DNS domain network.\n\nDetermines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer.\n\nImportant: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.\n\nThe Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats.\n\nIf you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled.\n\nIf you disable this setting or do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled."
NC_PersonalFirewallConfig="Prohibit use of Internet Connection Firewall on your DNS domain network"
NC_AllowNetBridge_NLA="Prohibit installation and configuration of Network Bridge on your DNS domain network"
NC_AllowNetBridge_NLA_Help="Determines whether a user can install and configure the Network Bridge.\n\nImportant: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.\n\nThe Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements together. This connection appears in the Network Connections folder.\n\nIf you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer."
NC_AllowAdvancedTCPIPConfig_Help="Determines whether users can configure advanced TCP/IP settings.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box.\n\nNote: This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuration.\n\nNote: Nonadministrators (excluding Network Configuration Operators) do not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting.\n\nTip: To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Properties. For remote access connections, click the Networking tab. In the "Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button.\n\nNote: Changing this setting from Enabled to Not Configured does not enable the Advanced button until the user logs off."
NC_AdvancedSettings_Help="Determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.\n\nThe Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings item is disabled for administrators.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Advanced Settings item is enabled for administrators.\n\nNote: Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting."
NC_AdvancedSettings="Prohibit access to the Advanced Settings item on the Advanced menu"
NC_AddRemoveComponents_Help="Determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard.\n\nThe Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the button).\n\nThe Install and Uninstall buttons appear in the properties dialog box for connections. These buttons are on the General tab for LAN connections and on the Networking tab for remote access connections.\n\nNote: When the "Prohibit access to properties of a LAN connection", "Ability to change properties of an all user remote access connection", or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the connection properties dialog box, the Install and Uninstall buttons for connections are blocked.\n\nNote: Nonadministrators are already prohibited from adding and removing connection components, regardless of this setting."
NC_AddRemoveComponents="Prohibit adding and removing components for a LAN or remote access connection"
NC_LanProperties_Help="Determines whether users can change the properties of a LAN connection.\n\nThis setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.\n\nNote: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users.\n\nNote: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting."
NC_LanProperties="Prohibit access to properties of a LAN connection"
NC_ChangeBindState_Help="Determines whether administrators can enable and disable the components used by LAN connections.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component.\n\nNote: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.\n\nNote: Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting."
NC_ChangeBindState="Prohibit Enabling/Disabling components of a LAN connection"
NC_RasAllUserProperties_Help="Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.\n\nTo create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.\n\nThis setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box is available to users.\n\nIf you enable this setting, a Properties menu item appears when any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File menu.\n\nIf you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection properties dialog box.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections.\n\nNote: This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_RasAllUserProperties="Ability to change properties of an all user remote access connection"
NC_RasMyProperties_Help="Determines whether users can view and change the properties of their private remote access connections.\n\nPrivate connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.\n\nThis setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box for a private connection is available to users.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu.\n\nNote: This setting takes precedence over settings that manipulate the availability of features in the Remote Access Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a remote access connection will be available to users.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_RasMyProperties="Prohibit changing properties of a private remote access connection"
NC_DeleteConnection_Help="Determines whether users can delete remote access connections.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.)\n\nImportant: When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users cannot delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored.\n\nNote: LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_DeleteConnection="Prohibit deletion of remote access connections"
NC_DeleteAllUserConnection_Help="Determines whether users can delete all user remote access connections.\n\nTo create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.\n\nIf you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection.\n\nIf you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.)\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections.\n\nImportant: When enabled, the "Prohibit deletion of remote access connections" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, and this setting is ignored.\n\nNote: LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_DeleteAllUserConnection="Ability to delete all user remote access connections"
NC_RasConnect_Help="Determines whether users can connect and disconnect remote access connections.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators).\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu."
NC_RasConnect="Prohibit connecting and disconnecting a remote access connection"
NC_LanConnect_Help="Determines whether users can enable/disable LAN connections.\n\nIf you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.\n\nIf you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators).\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections.\n\nNote: Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled."
NC_LanConnect="Ability to Enable/Disable a LAN connection"
NC_NewConnectionWizard_Help="Determines whether users can use the New Connection Wizard, which creates new network connections.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard.\n\nNote: Changing this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections folder until the folder is refreshed.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_NewConnectionWizard="Prohibit access to the New Connection Wizard"
NC_RenameLanConnection_Help="Determines whether nonadministrators can rename a LAN connection.\n\nIf you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.\n\nIf you disable this setting, the Rename option is disabled for nonadministrators only.\n\nIf you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connections\n\nNote: This setting does not apply to Administrators.\n\nNote: When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting does not apply."
NC_RenameLanConnection="Ability to rename LAN connections"
NC_RenameAllUserRasConnection_Help="Determines whether nonadministrators can rename all-user remote access connections.\n\nTo create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.\n\nIf you enable this setting, the Rename option is enabled for all-user remote access connections. Any user can rename all-user connections by clicking an icon representing the connection or by using the File menu.\n\nIf you disable this setting, the Rename option is disabled for nonadministrators only.\n\nIf you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections.\n\nNote: This setting does not apply to Administrators\n\nNote: When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting does not apply.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_RenameAllUserRasConnection="Ability to rename all user remote access connections"
NC_RenameMyRasConnection_Help="Determines whether users can rename their private remote access connections.\n\nPrivate connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including administrators).\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.\n\nNote: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting."
NC_DialupPrefs_Help="Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.\n\nThe Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.\n\nIf you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users (including administrators).\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users."
NC_DialupPrefs="Prohibit access to the Remote Access Preferences item on the Advanced menu"
NC_Statistics_Help="Determines whether users can view the status for an active connection.\n\nConnection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection.\n\nIf you enable this setting, the connection status taskbar icon and Status dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in the taskbar from the Connection Properties dialog box.\n\nImportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.\n\nIf you disable this setting or do not configure it, the connection status taskbar icon and Status dialog box are available to all users."
NC_Statistics="Prohibit viewing of status for an active connection"
NC_EnableAdminProhibits_Help="Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.\n\nThe set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators.\n\nBy default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators.\n\nIf you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators.\n\nIf you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators.\n\nNote: This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers."
NC_EnableAdminProhibits="Enable Windows 2000 Network Connections settings for Administrators"
NC_8021XCAName="IEEE 802.1x Certificate Authority for Machine Authentication"
NC_8021XCAName_Help="If you want to use IEEE 802.1x machine authentication, configure this setting.\n\nIf you enable this setting, it configures the Certificate Authority to be used on the client for authentication.\n\nTo allow successful authentication, enable this setting and indicate the thumbprint or hash for your Certificate Authority.\n\nIf you disable or do not configure this setting, the Certificate Authority for IEEE 802.1x machine authentication will not be configured on your client. This might cause machine authentication to fail.\n\nNote: The Certificate Authority that is configured by this setting only applies to machine authentication, and not to user authentication."
NC_8021xCertAuth="Certificate Authority Hash: "
Netlogon="Net Logon"
Netlogon_DC_Locator_DNS_Records="DC Locator DNS Records"
Netlogon_DebugFlag="Log File Debug Output Level"
Netlogon_DebugFlag_Help="Specifies the level of debug output for the Net Logon service.\n\nThe Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default, no debug information is logged.\n\nIf you enable this setting and specify a non-zero value, debug information will be logged to the file. Higher values result in more verbose logging; the value of 536936447 is commonly used as an optimal setting.\n\nIf you specify zero for this setting, the default behavior occurs as described above.\n\nIf you disable this setting or do not configure it, the default behavior occurs as described above."
Netlogon_DebugFlagLabel="Level:"
Netlogon_UseDynamicDns="Dynamic Registration of the DC Locator DNS Records"
Netlogon_UseDynamicDns_Help="Determines if Dynamic Registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.\n\nIf you enable this setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections.\n\nIf you disable this setting, DCs will not register DC Locator DNS resource records.\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_DnsAvoidRegisterRecords="DC Locator DNS records not registered by the DCs"
Netlogon_DnsAvoidRegisterRecords_Help="Determines which Domain Controller (DC) Locator DNS records are not registered by the Netlogon service.\n\nTo enable this setting, select Enable and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied.\n\nSelect the mnemonics from the following list:\n\nMnemonic Type DNS Record\n\nLdapIpAddress A <DnsDomainName>\nLdap SRV _ldap._tcp.<DnsDomainName>\nLdapAtSite SRV _ldap._tcp.<SiteName>._sites.<DnsDomainName>\nPdc SRV _ldap._tcp.pdc._msdcs.<DnsDomainName>\nGc SRV _ldap._tcp.gc._msdcs.<DnsForestName>\nGcAtSite SRV _ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName>\nDcByGuid SRV _ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName>\nGcIpAddress A _gc._msdcs.<DnsForestName>\nDsaCname CNAME <DsaGuid>._msdcs.<DnsForestName>\nKdc SRV _kerberos._tcp.dc._msdcs.<DnsDomainName>\nKdcAtSite SRV _kerberos._tcp.dc._msdcs.<SiteName>._sites.<DnsDomainName>\nDc SRV _ldap._tcp.dc._msdcs.<DnsDomainName>\nDcAtSite SRV _ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>\nRfc1510Kdc SRV _kerberos._tcp.<DnsDomainName>\nRfc1510KdcAtSite SRV _kerberos._tcp.<SiteName>._sites.<DnsDomainName>\nGenericGc SRV _gc._tcp.<DnsForestName>\nGenericGcAtSite SRV _gc._tcp.<SiteName>._sites.<DnsForestName>\nRfc1510UdpKdc SRV _kerberos._udp.<DnsDomainName>\nRfc1510Kpwd SRV _kpasswd._tcp.<DnsDomainName>\nRfc1510UdpKpwd SRV _kpasswd._udp.<DnsDomainName>\n\nIf this setting is disabled, DCs configured to perform dynamic registration of DC Locator DNS records register all DC locator DNS resource records.\n\nIf this setting is not applied to DCs, DCs use their local configuration."
Netlogon_DnsRefreshInterval="Refresh Interval of the DC Locator DNS Records"
Netlogon_DnsRefreshInterval_Help="Specifies the Refresh Interval of the domain controller (DC) Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.\n\nDCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records’ data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database.\n\nWarning: If the DNS resource records are registered in zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Setting the Refresh Interval of the DC Locator DNS records to longer than the Refresh Interval of the DNS zones may result in the undesired deletion of DNS resource records.\n\nTo specify the Refresh Interval of the DC records, click Enabled, and then enter a value larger than 1800. This value specifies the Refresh Interval of the DC records in seconds (for example, the value 3600 is 60 minutes).\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_DnsRefreshIntervalLabel="Seconds:"
Netlogon_LdapSrvWeight="Weight Set in the DC Locator DNS SRV Records"
Netlogon_LdapSrvWeight_Help="Specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.\n\nThe Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record.\n\nTo specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is 0 to 65535.\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_LdapSrvWeightLabel="Weight:"
Netlogon_LdapSrvPriority="Priority Set in the DC Locator DNS SRV Records"
Netlogon_LdapSrvPriority_Help="Specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.\n\nThe Priority field in the SRV record sets the preference for target hosts (specified in the SRV record’s Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.\n\nTo specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is 0 to 65535.\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_MaximumLogFileSize_Help="Specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.\n\nBy default, the maximum size of the log file is 20MB. If this policy is enabled, the maximum size of the log file is set to the specified size. Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified.\n\nIf this policy is disabled or not configured, the default behavior occurs as indicated above."
Netlogon_MaximumLogFileSizeLabel="Bytes:"
Netlogon_DnsTtl="TTL Set in the DC Locator DNS Records"
Netlogon_DnsTtl_Help="Specifies the value for the Time-To-Live (TTL) field in Net Logon registered SRV resource records. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the domain controller (DC).\n\nTo specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes).\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_DnsTtlLabel="Seconds:"
Netlogon_AutoSiteCoverage="Automated Site Coverage by the DC Locator DNS SRV Records"
Netlogon_AutoSiteCoverage_Help="Determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.\n\nIf this setting is enabled, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists.\n\nIf you disable this setting, the DCs will not register site-specific DC Locator DNS SRV records for any other sites but their own.\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_SiteCoverage="Sites Covered by the DC Locator DNS SRV Records"
Netlogon_SiteCoverage_Help="Specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. \n\nThe DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.\n\nTo specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the sites names in a space-delimited format.\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_SiteCoverageLabel="Sites:"
Netlogon_GcSiteCoverage="Sites Covered by the GC Locator DNS SRV Records"
Netlogon_GcSiteCoverage_Help="Specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. \n\nThe GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.\n\nTo specify the sites covered by the GC Locator DNS SRV records, click Enabled, and enter the sites' names in a space-delimited format.\n\nIf this setting is not configured, it is not applied to any GCs, and GCs use their local configuration."
Netlogon_GcSiteCoverageLabel="Sites:"
Netlogon_NdncSiteCoverage="Sites Covered by the Application Directory Partition Locator DNS SRV Records"
Netlogon_NdncSiteCoverage_Help="Specifies the sites for which the domain controllers (DC) housing application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. \n\nThe application directory partition locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.\n\nTo specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then enter the site names in a space-delimited format.\n\nIf this setting is not configured, it is not applied to any DCs, and DCs use their local configuration."
Netlogon_NdncSiteCoverageLabel="Sites:"
Netlogon_ExpectedDialupDelay="Expected dial-up delay on logon"
Netlogon_ExpectedDialupDelay_Help="Specifies the additional time for the computer to wait for the domain controller’s (DC) response when logging on to the network.\n\nTo specify the Expected dial-up delay at logon, click Enable, and then enter the desired value in seconds (for example, the value "60" is 1 minute).\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
Netlogon_ExpectedDialupDelayLabel="Seconds:"
Netlogon_SiteName="Site Name"
Netlogon_SiteName_Help="Specifies the Active Directory site to which computers belong.\n\nAn Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.\n\nTo specify the site name for this setting, click Enabled, and then enter the site name. When the site to which a computer belongs is not specified, the computer automatically discovers its site from Active Directory.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
Netlogon_SiteNameLabel="Site:"
Netlogon_NegativeCachePeriod="Negative DC Discovery Cache Setting"
Netlogon_NegativeCachePeriod_Help="Specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.\n\nThe default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.\n\nWarning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available."
Netlogon_NegativeCachePeriodLabel="Seconds:"
Netlogon_BackgroundRetryInitialPeriod="Initial DC Discovery Retry Setting for Background Callers"
Netlogon_BackgroundRetryInitialPeriod_Help="When applications performing periodic searches for domain controllers (DC) are unable to find a DC, the value set in this setting determines the amount of time (in seconds) before the first retry.\n\nThe default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x4294967). The minimum value for this setting is 0.\n\nThis setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.\n\nIf the value of this setting is less than the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used.\n\nWarning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may be excessive."
Netlogon_BackgroundRetryMaximumPeriod="Maximum DC Discovery Retry Interval Setting for Background Callers"
Netlogon_BackgroundRetryMaximumPeriod_Help="When applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC, the value set in this setting determines the maximum retry interval allowed.\n\nFor example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the value set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached.\n\nThe default value for this setting is 60 minutes (60*60). The maximum value for this setting is 49 days (0x4294967). The minimum value for this setting is 0.\n\nIf the value for this setting is smaller than the value specified for the Initial DC Discovery Retry Setting, the Initial DC Discovery Retry Setting is used.\n\nWarning: If the value for this setting is too large, a client may take very long periods to try to find a DC.\n\nIf the value for this setting is too small and the DC is not available, the frequent retries may produce excessive network traffic."
Netlogon_BackgroundRetryQuitTime="Final DC Discovery Retry Setting for Background Callers"
Netlogon_BackgroundRetryQuitTime_Help="When applications performing periodic searches for domain controllers (DC) are unable to find a DC, the value set in this setting determines when retries are no longer allowed. For example, retires may be set to occur according to the Maximum DC Discovery Retry Interval Setting, but when the value set in this setting is reached, no more retries occur. If a value for this setting is smaller than the value in Maximum DC Discovery Retry Interval Setting, the value for Maximum DC Discovery Retry Interval Setting is used.\n\nThe default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x4294967). The minimum value for this setting is 0.\n\nWarning: If the value for this setting is too small, a client will stop trying to find a DC too soon."
Netlogon_BackgroundRetryQuitTimeLabel="Seconds:"
Netlogon_BackgroundSuccessfulRefreshPeriod="Positive Periodic DC Cache Refresh for Background Callers"
Netlogon_BackgroundSuccessfulRefreshPeriod_Help="Determines when a successful DC cache entry is refreshed. This setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (4294967). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0)."
Netlogon_NetlogonShareCompatibilityMode_Help="This setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.\n\nWhen this setting is enabled, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.\n\nWhen this setting is disabled or not configured, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.\n\nBy default, the Netlogon share will grant shared read access to files on the share when exclusive access is requested.\n\nNote: The Netlogon share is a share created by the Net Logon service for use by client machines in the domain. The default behavior of the Netlogon share ensures that no application with only read permission to files on the Netlogon share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the Netlogon share with only read permission will be able to deny Group Policy clients from reading the files, and in general the availability of the Netlogon share on the domain will be decreased.\n\nIf this setting is enabled, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator."
Netlogon_NonBackgroundSuccessfulRefreshPeriod="Positive Periodic DC Cache Refresh for Non-Background Callers"
Netlogon_NonBackgroundSuccessfulRefreshPeriod_Help="Determines when a successful DC cache entry is refreshed. This setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag.\n\nThe default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (4294967). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0)."
Netlogon_ScavengeInterval_Help="Determines the interval at which Netlogon performs the following scavenging operations:\n\n- Checks if a password on a secure channel needs to be modified, and modifies it if necessary.\n\n- On the domain controllers (DC), discovers a DC that has not been discovered.\n\n- On the PDC, attempts to add the <DomainName>[1B] NetBIOS name if it hasn’t already been successfully added.\n\nNone of these operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expensive (e.g., ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of DCs in a trusted domain.\n\nTo enable the setting, click Enabled, and then specify the interval in seconds."
Netlogon_SysvolShareCompatibilityMode_Help="This setting controls whether or not the Sysvol share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.\n\nWhen this setting is enabled, the Sysvol share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.\n\nWhen this setting is disabled or not configured, the Sysvol share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.\n\nBy default, the Sysvol share will grant shared read access to files on the share when exclusive access is requested.\n\nNote: The Sysvol share is a share created by the Net Logon service for use by Group Policy clients in the domain. The default behavior of the Sysvol share ensures that no application with only read permission to files on the sysvol share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the Sysvol share with only read permission will be able to deny Group Policy clients from reading the files, and in general the availability of the Sysvol share on the domain will be decreased.\n\nIf this setting is enabled, domain administrators should ensure that the only applications using the exclusive read capability in the domain are those approved by the administrator."
Netlogon_AvoidPdcOnWan="Contact PDC on logon failure"
Netlogon_AvoidPdcOnWan_Help="Defines whether a domain controller (DC) should attempt to verify with the PDC the password provided by a client if the DC failed to validate the password.\n\nContacting the PDC is useful in case the client’s password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC is located over a slow WAN connection.\n\nTo enable this feature, click Enabled.\n\nTo disable this feature, click Disabled."
Netlogon_AllowSingleLabelDnsDomain="Location of the DCs hosting a domain with single label DNS name"
Netlogon_AllowSingleLabelDnsDomain_Help="Specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.\n\nBy default, when a computer (or the DC Locator running on a computer, to be more specific) needs to locate a domain controller hosting an Active Directory domain specified with a single-label name, the computer exclusively uses NetBIOS name resolution, but not the DNS name resolution, unless the computer is joined to an Active Directory forest in which at least one domain has a single-label DNS name. \n\nIf this setting is enabled, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution.\n\nIf this setting is disabled, computers to which this setting is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name only using NetBIOS name resolution, but not the DNS name resolution, unless the computer is searching for a domain with a single label DNS name that exists in the Active Directory forest to which this computer is joined.\n\nIf this setting is not configured, it is not applied to any computers, and computers use their local configuration."
NoStartPage="Force classic Start Menu"
NoStartPage_Help="This setting effects the presentation of the Start menu.\n\nThe classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: My Documents, My Pictures, My Music, My Computer, and My Network Places. The new Start menu starts them directly.\n\nIf you enable this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons.\n\nIf you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page.\n\nIf you do not configure this setting, the default is the new style, and the user can change the view."
SharedFolders="Shared Folders"
PublishSharedFolders="Allow shared folders to be published"
PublishSharedFolders_Help="Determines whether the user can publish shared folders in Active Directory.\n\nIf you enable this setting or do not configure it, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in Active Directory.\n\nIf you disable this setting, the user cannot publish shared folders in Active Directory, and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured"
PublishDfsRoots="Allow DFS roots to be published"
PublishDfsRoots_Help="Determines whether the user can publish DFS roots in Active Directory.\n\nIf you enable this setting or do not configure it, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in Active Directory.\n\nIf you disable this setting, the user cannot publish DFS roots in Active Directory, and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured."
Network="Network"
NetworkConnections="Network Connections"
NewGPODisplayName="Default name for new Group Policy objects"
NewGPODisplayName_Help="Sets the default display name for new Group Policy objects.\n\nThis setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.\n\nThe display name may contain environment variables and can be a maximum of 255 characters long.\n\nIf this setting is Disabled or Not Configured, the default display name of New Group Policy object is used."
NewGPODisplayNameHeading="GPO Name:"
NewGPOLinksDisabled="Create new Group Policy object links disabled by default"
NewGPOLinksDisabled_Help="Creates new Group Policy object links in the disabled state.\n\nThis setting creates all new Group Policy object links in the disabled state by default. After you configure and test the new object links by using a policy compliant Group Policy management tool such as Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system.\n\nIf you disable this setting or do not configure it, new Group Policy object links are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the object link."
NoActiveDesktop_Help="Disables Active Desktop and prevents users from enabling it.\n\nThis setting prevents users from trying to enable or disable Active Desktop while a policy controls it.\n\nIf you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.\n\nNote: If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored."
NoActiveDesktop_Tip="Disallows HTML and Jpg Wallpaper"
NoActiveDesktop="Disable Active Desktop"
NoActiveDesktopChanges_Help="Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.\n\nThis is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components."
NoActiveDesktopChanges="Prohibit changes"
NoAddFromCDorFloppy_Help="Removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.\n\nIf you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users.\n\nThis setting does not prevent users from using other tools and methods to add or remove program components.\n\nNote: If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting."
NoAddFromCDorFloppy="Hide the "Add a program from CD-ROM or floppy disk" option"
NoAddFromInternet_Help="Removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.\n\nIf you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users.\n\nThis setting does not prevent users from using other tools and methods to connect to Windows Update.\n\nNote: If the "Hide Add New Programs page" setting is enabled, this setting is ignored."
NoAddFromInternet="Hide the "Add programs from Microsoft" option"
NoAddFromNetwork_Help="Prevents users from viewing or installing published programs.\n\nThis setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them.\n\nPublished programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.\n\nIf you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.\n\nIf you disable this setting or do not configure it, "Add programs from your network" is available to all users.\n\nNote: If the "Hide Add New Programs page" setting is enabled, this setting is ignored."
NoAddFromNetwork="Hide the "Add programs from your network" option"
NoAddingComponents_Help="Prevents users from adding Web content to their Active Desktop.\n\nThis setting removes the "New" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.\n\nAlso, see the "Disable all items" setting."
NoAddPage_Help="Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page.\n\nThe Add New Programs button lets users install programs published or assigned by a system administrator.\n\nIf you disable this setting or do not configure it, the Add New Programs button is available to all users.\n\nThis setting does not prevent users from using other tools and methods to install programs."
NoAddPage="Hide Add New Programs page"
NoAddPrinter_Help="Prevents users from using familiar methods to add local and network printers.\n\nThis setting removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This setting also removes Add Printer from the Printers folder in Control Panel.\n\nAlso, users cannot add printers by dragging a printer icon into the Printers folder. If they try, a message appears explaining that the setting prevents the action.\n\nHowever, this setting does not prevent users from using the Add Hardware Wizard to add a printer. Nor does it prevent users from running other programs to add printers.\n\nThis setting does not delete printers that users have already added. However, if users have not added a printer when this setting is applied, they cannot print.\n\nNote: You can use printer permissions to restrict the use of printers without specifying a setting. In the Printers folder, right-click a printer, click Properties, and then click the Security tab."
NoAddPrinter="Prevent addition of printers"
NoAddRemovePrograms_Help="Prevents users from using Add or Remove Programs.\n\nThis setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus.\n\nAdd or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.\n\nIf you disable this setting or do not configure it, Add or Remove Programs is available to all users.\n\nWhen enabled, this setting takes precedence over the other settings in this folder.\n\nThis setting does not prevent users from using other tools and methods to install or uninstall programs."
NoAddRemovePrograms="Remove Add or Remove Programs"
NoAutoUpdate="Windows Automatic Updates"
NoAutoUpdate_Help="This setting controls automatic updates to a user's computer.\n\nWhenever a user connects to the Internet, Windows searches for updates available for the software and hardware on their computer and automatically downloads them. This happens in the background, and the user is prompted when downloaded components are ready to be installed, or prior to downloading, depending on their configuration.\n\nIf you enable this setting, it prohibits Windows from searching for updates.\n\nIf you disable or do not configure it, Windows searches for updates and automatically downloads them.\n\nNote: Windows Update is an online catalog customized for your computer that consists of items such as drivers, critical updates, Help files, and Internet products that you can download to keep your computer up to date.\n\nAlso, see the "Remove links and access to Windows Update" setting. If the "Remove links and access to Windows Update" setting is enabled, the links to Windows Update on the Start menu are also removed.\n\nNote: If you have installed Windows XP Service Pack 1 or the update to Automatic Updates that was released after Windows XP was originally shipped, then you should use the new Automatic Updates settings located at: 'Computer Configuration / Administrative Templates / Windows Update'"
NoAutoTrayNotify="Turn off notification area cleanup"
NoAutoTrayNotify_Help="This setting effects the notification area, also called the "system tray."\n\nThe notification area is located in the task bar, generally at the bottom of the screen, and itincludes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron."\n\nIf you enable this setting, the system notification area expands to show all of the notifications that use this area.\n\nIf you disable this setting, the system notification area will always collapse notifications.\n\nIf you do not configure it, the user can choose if they want notifications collapsed."
NoBackButton_Help="Removes the Back button from the Open dialog box.\n\nThis setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.\n\nTo see an example of the standard Open dialog box, run Notepad and, on the File menu, click Open.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting."
NoBackButton="Hide the common dialog back button"
NoBalloonTip_Help="Hides pop-up text on the Start menu and in the notification area.\n\nWhen you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.\n\nIf you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area.\n\nIf you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area."
NoBalloonTip="Remove Balloon Tips on Start Menu items"
NoCacheThumbNailPictures="Turn off caching of thumbnail pictures"
NoCacheThumbNailPictures_Help="This settings controls whether the thumbnail views are cached.\n\nIf you enable this setting, thumbnail views are not cached.\n\nIf you disable or do not configure this setting, thumbnail views are cached.\n\nNote: For shared corporate workstations or computers where security is a top concern, you should enable this setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone."
NoCDBurning="Remove CD Burning features"
NoCDBurning_Help="Windows Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.\n\nIf you enable this setting, all features in the Windows Explorer that allow you to use your CD writer are removed.\n\nIf you disable or do not configure this setting, users are able to use the Windows Explorer CD burning features.\n\nNote: This setting does not prevent users from using third-party applications to create or modify CDs using a CD writer."
NoChangeAnimation_Help="Prevents users from selecting the option to animate the movement of windows, menus, and lists.\n\nIf you enable this setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled.\n\nEffects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to some users."
NoChangeAnimation="Remove UI to change menu animation setting"
NoChangeKeyboardNavigationIndicators_Help="Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel.\n\nWhen this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.\n\nEffects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users."
NoChangeKeyboardNavigationIndicators="Remove UI to change keyboard navigation indicator setting"
NoChangeStartMenu_Help="Prevents users from using the drag-and-drop method to reorder or remove items on the Start menu. Also, it removes context menus from the Start menu.\n\nIf you disable this setting or do not configure it, users can remove or reorder Start menu items by dragging and dropping the item. They can display context menus by right-clicking a Start menu item.\n\nThis setting does not prevent users from using other methods of customizing the Start menu or performing the tasks available from the context menus.\n\nAlso, see the "Prevent changes to Taskbar and Start Menu Settings" and the "Remove access to the context menus for taskbar" settings."
NoChangeStartMenu="Remove Drag-and-drop context menus on the Start Menu"
NoChangingWallPaper_Help="Prevents users from adding or changing the background design of the desktop.\n\nBy default, users can use the Desktop tab of Display in Control Panel to add a background design (wallpaper) to their desktop.\n\nIf you enable this setting, the Desktop tab still appears, but all options on the tab are disabled.\n\nTo remove the Desktop tab, use the "Hide Desktop tab" setting.\n\nTo specify wallpaper for a group, use the "Active Desktop Wallpaper" setting.\n\nAlso, see the "Allow only bitmapped wallpaper" setting."
NoChooseProgramsPage_Help="Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page.\n\nThe Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.\n\nIf you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users.\n\nThis setting does not prevent users from using other tools and methods to change program access or defaults.\n\nThis setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting."
NoChooseProgramsPage="Hide the Set Program Access and Defaults page"
NoClose_Help="Prevents users from shutting down or restarting Windows.\n\nThis setting removes the Shut Down option from the Start menu and disables the Shut Down button on the Windows Security dialog box, which appears when you press CTRL+ALT+DEL.\n\nThis setting prevents users from using the Windows user interface to shut down the system, although it does not prevent them from running programs that shut down Windows. \n\nIf you disable this setting or do not configure it, the Shut Down menu option appears, and the Shut Down button is enabled.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting."
NoClose="Remove and prevent access to the Shut Down command"
NoCloseDragDropBands_Help="Prevents users from manipulating desktop toolbars.\n\nIf you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.\n\nNote: If users have added or removed toolbars, this setting prevents them from restoring the default configuration.\n\nTip: To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start button), and point to "Toolbars."\n\nAlso, see the "Prohibit adjusting desktop toolbars" setting."
NoClosingComponents_Help="Prevents users from removing Web content from their Active Desktop.\n\nIn Active Desktop, you can add items to the desktop but close them so they are not displayed.\n\nIf you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.\n\nNote: This setting does not prevent users from deleting items from their Active Desktop."
NoCommonGroups_Help="Removes items in the All Users profile from the Programs menu on the Start menu.\n\nBy default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.\n\nTip: To see the Program menu items in the All Users profile, on the system drive, go to Documents and Settings\All Users\Start Menu\Programs."
NoCommonGroups="Remove common program groups from Start Menu"
NoControlPanel_Help="Disables all Control Panel programs.\n\nThis setting prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items.\n\nThis setting also removes Control Panel from the Start menu. (To open Control Panel, click Start, point to Settings, and then click Control Panel.) This setting also removes the Control Panel folder from Windows Explorer.\n\nIf users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action.\n\nAlso, see the "Remove Display in Control Panel" and "Remove programs on Settings menu" settings."
NoControlPanel="Prohibit access to the Control Panel"
NoDeletePrinter_Help="Prevents users from deleting local and network printers.\n\nIf a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a setting prevents the action.\n\nThis setting does not prevent users from running other programs to delete a printer."
NoDeletePrinter="Prevent deletion of printers"
NoDeletingComponents_Help="Prevents users from deleting Web content from their Active Desktop.\n\nThis setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop.\n\nThis setting does not prevent users from adding Web content to their Active Desktop.\n\nAlso, see the "Prohibit closing items" and "Disable all items" settings."
NoDesktop_Help="Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, My Computer, and My Network Places.\n\nRemoving icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent.\n\nAlso, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop."
NoDesktop="Hide and disable all items on the desktop"
NoDesktopCleanupWizard="Remove the Desktop Cleanup Wizard"
NoDesktopCleanupWizard_Help="Prevents users from using the Desktop Cleanup Wizard.\n\nIf you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.\n\nIf you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs.\n\nNote: When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button."
NoDFSTab_Help="Removes the DFS tab from Windows Explorer.\n\nThis setting removes the DFS tab from Windows Explorer and from other programs that use the Windows Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the Distributed File System (DFS) shares available from their computer.\n\nThis setting does not prevent users from using other methods to configure DFS."
NoDFSTab="Remove DFS tab"
NoDispAppearancePage_Help="Removes the Appearance and Themes tabs from Display in Control Panel.\n\nWhen this setting is enabled, it removes the desktop color selection option from the Desktop tab.\n\nThis setting prevents users from using Control Panel to change the colors or color scheme of the desktop and windows.\n\nIf this setting is disabled or not configured, the Appearance and Themes tabs are available in Display in Control Panel."
NoDispBackgroundPage_Help="Removes the Desktop tab from Display in Control Panel.\n\nThis setting prevents users from using Control Panel to change the pattern and wallpaper on the desktop.\n\nEnabling this setting also prevents the user from customizing the desktop by changing icons or adding new Web content through Control Panel."
NoDispCpl_Help="Disables Display in Control Panel.\n\nIf you enable this setting, Display in Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.\n\nAlso, see the "Prohibit access to the Control Panel" (User Configuration\Administrative Templates\Control Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings."
NoDispScrSavPage_Help="Removes the Screen Saver tab from Display in Control Panel.\n\nThis setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer."
NoDispSettingsPage_Help="Removes the Settings tab from Display in Control Panel.\n\nThis setting prevents users from using Control Panel to add, configure, or change the display settings on the computer."
NoDrives_Help="Removes the icons representing selected hard drives from My Computer and Windows Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.\n\nTo use this setting, select a drive or combination of drives in the drop-down list. To display all drives, disable this setting or select the "Do not restrict drives" option in the drop-down list.\n\nNote: This setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window.\n\nAlso, this setting does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.\n\nAlso, see the "Prevent access to drives from My Computer" setting.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting."
NoDrives="Hide these specified drives in My Computer"
NoDrivesDropdown="Pick one of the following combinations"
NoEditingComponents_Help="Prevents users from changing the properties of Web content items on their Active Desktop.\n\nThis setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics."
NoEncryptOnMove="Do not automatically encrypt files moved to encrypted folders"
NoEncryptOnMove_Help="Prevents Windows Explorer from encrypting files that are moved to an encrypted folder.\n\nIf you disable this setting or do not configure it, Windows Explorer automatically encrypts files that are moved to an encrypted folder.\n\nThis setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, Windows Explorer encrypts those files automatically."
NoEntireNetwork_Help="Removes all computers outside of the user's workgroup or local domain from lists of network resources in Windows Explorer and My Network Places.\n\nIf you enable this setting, the system removes the Entire Network option and the icons representing networked computers from My Network Places and from the browser associated with the Map Network Drive option.\n\nThis setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box.\n\nTo remove computers in the user's workgroup or domain from lists of network resources, use the "No "Computers Near Me" in My Network Places" setting.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting."
NoEntireNetwork="No "Entire Network" in My Network Places"
NoFavoritesMenu_Help="Prevents users from adding the Favorites menu to the Start menu or classic Start menu.\n\nIf you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.\n\nIf you disable or do not configure this setting, the Display Favorite item is available.\n\nNote:The Favorities menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.\n\nNote:The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.\n\nNote:This setting only affects the Start menu. The Favorites item still appears in Windows Explorer and in Internet Explorer."
NoFavoritesMenu="Remove Favorites menu from Start Menu"
NoFileMenu_Help="Removes the File menu from My Computer and Windows Explorer.\n\nThis setting does not prevent users from using other methods to perform tasks available on the File menu."
NoFileMenu="Remove File menu from Windows Explorer"
NoFileMRU_Help="Removes the list of most recently used files from the Open dialog box.\n\nIf you disable this setting or do not configure it, the "File name" field includes a drop-down list of recently used files. If you enable this setting, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box.\n\nThis setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.\n\nTo see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting."
NoFileMRU="Hide the dropdown list of recent files"
NoFind_Help="Removes the Search item from the Start menu, and disables some Windows Explorer search elements.\n\nThis setting removes the Search item from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F.\n\nIn Windows Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder.\n\nThis setting affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search.\n\nAlso, see the "Remove Search button from Windows Explorer" setting in User Configuration\Administrative Templates\Windows Components\Windows Explorer.\n\nNote:\n\nThis setting also prevents the user from using the F3 key."
NoFind="Remove Search menu from Start Menu"
NoFolderOptions_Help="Removes the Folder Options item from all Windows Explorer menus and removes the Folder Options item from Control Panel. As a result, users cannot use the Folder Options dialog box.\n\nThe Folder Options dialog box lets users set many properties of Windows Explorer, such as Active Desktop, Web view, Offline Files, hidden system files, and file types.\n\nAlso, see the "Enable Active Desktop" setting in User Configuration\AdministrativeTemplates\Desktop\Active Desktop and the "Prohibit user configuration of Offline Files" setting in User Configuration\Administrative Templates\Network\Offline Files."
NoFolderOptions="Removes the Folder Options menu item from the Tools menu"
NoHardwareTab_Help="Removes the Hardware tab.\n\nThis setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device."
NoHardwareTab="Remove Hardware tab"
NoHelp_Help="Removes the Help command from the Start menu.\n\nThis setting only affects the Start menu. It does not remove the Help menu from Windows Explorer and does not prevent users from running Help."
NoHelp="Remove Help menu from Start Menu"
NoHTMLWallPaper_Help="Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper".\n\nAlso, see the "Active Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) settings."
NoInstrumentation_Help="Disables user tracking.\n\nThis setting prevents the system from tracking the programs users run, the paths they navigate, and the documents they open. The system uses this information to customize Windows features, such as personalized menus.\n\nIf you enable this setting, the system does not track these user actions. The system disables customized features that require user tracking information, including personalized menus.\n\nAlso, see the "Turn off personalized menus" setting."
NoInstrumentation="Turn off user tracking"
NoInternetIcon_Help="Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.\n\nThis setting does not prevent the user from starting Internet Explorer by using other methods."
NoInternetIcon="Hide Internet Explorer icon on desktop"
NoLogOff_Help="Prevents the user from logging off.\n\nThis setting does not let the user log off the system by using any method, including programs run from the command line, such as scripts. It also disables or removes all menu items and buttons that log the user off the system.\n\nAlso, see the "Remove Logoff on the Start Menu" setting."
NoLogoff="Remove Logoff"
NoManageMyComputerVerb="Hides the Manage item on the Windows Explorer context menu"
NoManageMyComputerVerb_Help="Removes the Manage item from the Windows Explorer context menu. This context menu appears when you right-click Windows Explorer or My Computer.\n\nThe Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools.\n\nThis setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.\n\nTip: To hide all context menus, use the "Remove Windows Explorer's default context menu" setting."
NoMovingBands_Help="Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.\n\nThis setting does not prevent users from adding or removing toolbars on the desktop.\n\nNote: If users have adjusted their toolbars, this setting prevents them from restoring the default configuration.\n\nAlso, see the "Prevent adding, dragging, dropping and closing the Taskbar's toolbars" setting."
NoPropertiesMyComputer="Remove Properties from the My Computer context menu"
NoPropertiesMyComputer_Help="This setting hides Properties on the context menu for My Computer.\n\nIf you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks My Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when My Computer is selected.\n\nIf you disable or do not configure this setting, the Properties option is displayed as usual."
NoMyComputerSharedDocuments="Remove Shared Documents from My Computer"
NoMyComputerSharedDocuments_Help="Removes the Shared Documents folder from My Computer.\n\nWhen a Windows client in is a workgroup, a Shared Documents icon appears in the Windows Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.\n\nIf you enable this setting, the Shared Documents folder is not displayed in the Web view or in My Computer.\n\nIf you disable or do not configure this setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.\n\nNote: The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional."
NoMyComputerIcon="Remove My Computer icon on the desktop"
NoMyComputerIcon_Help="This setting hides My Computer from the desktop and from the new Start menu. It also hides links to My Computer in the Web view of all Explorer windows, and it hides My Computer in the Explorer folder tree pane. If the user navigates into My Computer via the "Up" button while this setting is enabled, they view an empty My Computer folder. This setting allows administrators to restrict their users from seeing My Computer in the shell namespace, allowing them to present their users with a simpler desktop environment.\n\nIf you enable this setting, My Computer is hidden on the desktop, the new Start menu, the Explorer folder tree pane, and the Explorer Web views. If the user manages to navigate to My Computer, the folder will be empty.\n\nIf you disable this setting, My Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting.\n\nIf you do not configure this setting, the default is to display My Computer as usual.\n\nNote: Hiding My Computer and its contents does not hide the contents of the child folders of My Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled."
NoMyDocumentsIcon_Help="Removes most occurrences of the My Documents icon.\n\nThis setting removes the My Documents icon from the desktop, from Windows Explorer, from programs that use the Windows Explorer windows, and from the standard Open dialog box.\n\nThis setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder.\n\nThis setting does not remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting.\n\nNote: To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional."
NoMyDocumentsIcon="Remove My Documents icon on the desktop"
NoPinnedPrograms="Remove pinned programs list from the Start Menu"
NoPinnedPrograms_Help="If you enable this setting, the "Pinned Programs" list is removed from the Start menu, and the Internet and Email checkboxes are removed from the simple Start menu customization CPL.\n\nIf you disable this setting or do not configure it, the "Pinned Programs" list remains on the simple Start menu."
NoFrequentUsedPrograms="Remove frequent programs list from the Start Menu"
NoFrequentUsedPrograms_Help="If you enable this setting, the frequently used programs list is removed from the Start menu.\n\nIf you disable this setting or do not configure it, the frequently used programs list remains on the simple Start menu."
NoMoreProgramsList="Remove All Programs list from the Start menu"
NoMoreProgramsList_Help="If you enable this setting, the "All Programs" item is removed from the simple Start menu.\n\nIf you disable this setting or do not configure it, the "All Programs" item remains on the simple Start menu."
NoUserNameOnStartMenu="Remove user name from Start Menu"
NoUserNameOnStartMenu_Help="If you enable this setting, the user name is removed from the simple Start menu.\n\nIf you disable this setting or do not configure it, the user name remains on the simple Start menu."
NoRecycleBinIcon="Remove Recycle Bin icon from desktop"
NoRecycleBinIcon_Help="Removes most occurrences of the Recycle Bin icon.\n\nThis setting removes the Recycle Bin icon from the desktop, from Windows Explorer, from programs that use the Windows Explorer windows, and from the standard Open dialog box.\n\nThis setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.\n\nNote: To make changes to this setting effective, you must log off and then log back on."
NoRecycleBinProperties="Remove Properties from the Recycle Bin context menu"
NoRecycleBinProperties_Help="Removes the Properties option from the Recycle Bin context menu.\n\nIf you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.\n\nIf you disable or do not configure this setting, the Properties option is displayed as usual."
NoRecycleFiles="Do not move deleted files to the Recycle Bin"
NoRecycleFiles_Help="When a file or folder is deleted in Windows Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.\n\nIf you enable this setting, files and folders that are deleted using Windows Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.\n\nIf you disable or do not configure this setting, files and folders deleted using Windows Explorer will be placed in the Recyele Bin."
RecycleBinSize="Maximum allowed Recycle Bin size"
RecycleBinSize_Help="Limits the percentage of a volume's disk space that can be used to store deleted files.\n\nIf you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation.\n\nIf you disable or do not configure this setting, users can change the total amount of disk space used by the Recycle Bin.\n\nNote: This setting is applied to all volumes."
RecycleBinSizeHelp1="Value represents percentage of hard disk that can be used (0 - 100)."
RecycleBinSizeSpin="Maximum Recycle Bin size: "
NoSecurityTab="Remove Security tab"
NoSecurityTab_Help="Removes the Security tab from Windows Explorer.\n\nIf you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question.\n\nIf you disable or do not configure this setting, users will be able to access the security tab."
NoSMMyPictures_Help="Removes the My Pictures icon from the Start Menu.
NoSMMyPictures="Remove My Pictures icon from Start Menu"
NoSMMyNetworkPlaces_Help="Removes the My Network Places icon from the Start Menu.
NoSMMyNetworkPlaces="Remove My Network Places icon from Start Menu"
NoSMMyMusic_Help="Removes the My Music icon from the Start Menu.
NoSMMyMusic="Remove My Music icon from Start Menu"
NoNetAndDialupConnect_Help="Prevents users from running Network Connections.\n\nThis setting prevents the Network Connections folder from opening. This setting also removes Network Connections from Settings on the Start menu.\n\nNetwork Connections still appears in Control Panel and in Windows Explorer, but if users try to start it, a message appears explaining that a setting prevents the action.\n\nAlso, see the "Disable programs on Settings menu" and "Disable Control Panel" settings and the settings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Connections)."
NoNetAndDialupConnect="Remove Network Connections from Start Menu"
NoNetConnectDisconnect_Help="Prevents users from using Windows Explorer or My Network Places to map or disconnect network drives.\n\nIf you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in Windows Explorer and My Network Places and from menus that appear when you right-click the Windows Explorer or My Network Places icons. It also removes the Add Network Place option from My Network Places.\n\nThis setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.\n\nNote:\n\nThis setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.\n\nNote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting."
NoNetConnectDisconnect="Remove "Map Network Drive" and "Disconnect Network Drive""
NoNetHood_Help="Removes the My Network Places icon from the desktop.\n\nThis setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network."
NoNetHood="Hide My Network Places icon on desktop"
NoOptions_Help="Removes the Folder Options item from all Windows Explorer menus and removes the Internet Options item from Internet Explorer. This setting also removes the Folder Options icon from Control Panel.\n\nFolder Options appears on the Tools menu in both Control Panel and Windows Explorer. (To open Folder Options, click My Computer, click My Documents, and then click My Network Places). Folder Options also appears as an item in Control Panel.\n\nThe Folder Options dialog box lets users set many properties of Windows
