Home » Security Policies - Microsoft Management Console
 

Security Policies - Microsoft Management Console

Endpoint Central supports configuring the following security policies in Microsoft Management Console category:

Security Policy Description

Restrict user from  entering author mode

Users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.

Restrict users to the explicitly permitted list of snap-ins

All snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.  To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit.

Restrict/permit Component services snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Computer management snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Device manager snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Disk management snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Disk de-fragmentation snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.

If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Event viewer snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Fax services snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.

If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Indexing services snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Internet Information Services snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.

If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Local users and groups snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Performance logs and alerts snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Services snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Shared folders snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit System information snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Telephony snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit WMI control snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit System properties snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Group policy snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Group policy tab for active directory tool snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Administrative templates (computer) snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Administrative templates (users) snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Folder redirection snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Internet explorer maintenance snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Remote installation services snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Scripts (logon/logoff) snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Scripts(startup/shutdown) snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Security settings snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Software installation (computer) snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

Restrict/permit Software installation (user) snap-in

If the setting is enabled, the snap-in is permitted. If the setting is disabled, the snap-in is prohibited.  If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.

The policy descriptions are taken from Microsoft Help Documentation