Security Policies - System

Restrict using registry editing tools

Disables the Windows registry editors, Regedit.exe

Remove task manager

If this setting is enabled and users try to start Task Manager, a message appears explaining that a policy prevents the action.

Restrict using Lock Workstation

Prevents users from locking their workstation

Restrict Changing Password

Prevents users from changing the password.

Restrict using Passwords applet in Control Panel

Prevents users from changing the account password of local users through the password applet in control panel.

Restrict using Change Passwords page

Prevents users from accessing change password

Hide Background page

Prevents users using background page

Hide Remote Administration page

Removes remote administration page

Hide User Profiles page

Removes user profiles pages

Hide Device Manager page

Removes device manager page

Hide Hardware Profiles page

Prevents hardware profile page form being accessed

Don't display the getting started welcome screen at logon

Suppresses the welcome screen. This setting hides the welcome screen that is displayed on Windows 2000 Professional and Windows XP Professional each time the user logs on.

Download missing COM components

Directs the system to search Active Directory for missing Component Object Model components that a program requires.

Prevent access to registry accessing tools

Disables the Windows registry editors, Regedit.exe and Regedit.exe.

Run legacy logon scripts hidden

Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000.  If you enable this setting, Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier.

Run logoff scripts visible

If the setting is enabled, the system displays each instruction in the logoff script as it runs. The instructions appear in a command window.

Run logon scripts synchronously

If the setting is enabled, Windows Explorer does not start until the logon scripts have finished running. This setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.

Run logon scripts visible

If  the setting is enabled, the system displays each instruction in the logon script as it runs. The instructions appear in a command window.

Do not process the legacy run list

If  the setting is enabled, the system ignores the run list for Windows NT 4.0, Windows 2000, and Windows XP.

Do not process the runonce list

You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.  If you enable this setting, the system ignores the run-once list.

Create a new GPO links disabled by default

This setting creates all new Group Policy object links in the disabled state by default. After you configure and test the new object links, either by using Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system.

Enforce show policies only

Prevents administrators from viewing or using Group Policy preferences.  A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software/Policies or  Software/Microsoft/Windows/CurrentVersion/Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.

Turn off automatic update of  ADM files

Prevents the system from updating the Administrative Templates source files automatically when you open Group Policy.