Summary of New or Expanded Group Policy Settings

You can now use Group Policy to centrally manage a greater number of features and component behaviors. The number of Group Policy settings has increased from approximately 1,700 in Windows Server 2003 with Service Pack 1 (SP1) to approximately 2,400 in Windows Vista.

This table summarizes new or expanded categories of Group Policy settings.

Group Policy Category Description Location of Group Policy Setting

Antivirus

Manages behavior for evaluating high-risk attachments.

  • User Configuration\Administrative Templates\Windows Components\Attachment Manager

Background Intelligent Transfer Service (BITS)

Configures the new BITS Neighbor Casting feature (new in Windows Vista) to facilitate peer-to-peer file transfer within a domain. This feature is supported in Windows Vista and Windows Server 2008.

  • Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service

Client Help

Determines where your users access Help systems that may include untrusted content. You can direct your users to Help or to local offline Help.

  • Computer Configuration\Administrative Templates\Online Assistance
  • User Configuration\Administrative Templates\Online Assistance

Deployed Printer Connections

Deploys a printer connection to a computer. This is useful when the computer is shared in a locked-down environment, such as a school or when a user roams to a different location and needs to have a printer connected automatically.

  • Computer Configuration\Windows Settings\Deployed Printers
  • User Configuration\Windows Settings\Deployed Printers

Device Installation

Allows or denies a device installation, based upon the device class or ID.

  • Computer Configuration\Administrative Templates\System\Device Installation

Disk Failure Diagnostic

Controls the level of information displayed by the disk failure diagnostics.

  • Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Disk Diagnostic

DVD Video Burning

Customizes the video disc authoring experience.

  • Computer Configuration\Administrative Templates\Windows Components\Import Video
  • User Configuration\Administrative Templates\Windows Components\Import Video

Enterprise Quality of Service (QoS)

Alleviates network congestion issues by enabling central management of Windows Vista network traffic. Without requiring changes to applications, you can define flexible policies to prioritize the Differentiated Services Code Point (DSCP) marking and throttle rate.

  • Computer Configuration\Windows Settings\Policy-based QoS

Hybrid Hard Disk

Configures the hybrid hard disk (with non-volatile cache) properties, allowing you to manage:

  • Use of non-volatile cache.
  • Startup and resume optimizations.
  • Solid state mode.
  • Power savings mode.
  • Computer Configuration\Administrative Templates\System\Disk NV Cache

Internet Explorer 7

Replaces and expands the current settings in the Internet Explorer Maintenance extension to allow administrators the ability to read the current settings without affecting values.

  • Computer Configuration\Administrative Templates\Windows Components\Internet Explorer
  • User Configuration\Administrative Templates\Windows Components\Internet Explorer

Networking: Quarantine

Manages three components:

  • Health Registration Authority (HRA)
  • Internet Authentication Service (IAS)
  • Network Access Protection (NAP)
  • Computer Configuration\Windows Settings\Security Settings\Network Access Protection

Networking: Wired Wireless

Applies a generic architecture for centrally managing existing and future media types.

  • Computer Configuration\Windows Settings\Security Settings\Wired Network (IEEE 802.11) Policies
  • Computer Configuration\Windows Settings\Security Settings\Wireless Network (IEEE 802.11) Policies

Power Options

Configures any current power options in the Control Panel.

  • Computer Configuration\Administrative Templates\System\Power Management

Removable Storage

Allows administrators to protect corporate data by limiting the data that can be read from and written to removable storage devices. Administrators can enforce restrictions on specific computers or users without relying on third party products or disabling the buses.

  • Computer Configuration\Administrative Templates\System\Removable Storage Access
  • User Configuration\Administrative Templates\System\Removable Storage Access

Security Protection

Combines the management of both the Windows Firewall and IPsec technologies to reduce the possibility of creating conflicting rules. Administrators can specify which applications or ports to open and whether or not connections to those resources must be secure.

  • Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security

Shell Application Management

Manages access to the toolbar, taskbar, Start menu, and icon displays.

  • User Configuration\Administrative Templates\Start Menu and Taskbar

Shell First Experience, Logon, and Privileges

Configures the logon experience to include expanded Group Policy settings in:

  • Roaming User Profiles.
  • Redirected folders.
  • Logon dialog screens.
  • User Configuration\Administrative Templates\Windows Components\

Shell Sharing, Sync, and Roaming

Customizes:

  • Autorun for different devices and media.
  • Creation and removal of partnerships.
  • Synchronization schedule and behavior.
  • Creation and access to workspaces.
  • User Configuration\Administrative Templates\Windows Components\

Shell Visuals

Configures the desktop display to include:

  • AERO Glass display.
  • New screen saver behavior.
  • Search and views.
  • User Configuration\Administrative Templates\Windows Components\

Tablet PC

Configures Tablet PC to include:

  • Tablet Ink Watson and Personalization features.
  • Tablet PC desktop features.
  • Input Panel features.
  • Tablet PC touch input.

Computer Configuration\Administrative Templates\Windows Components\

  • Input Personalization
  • Pen Training
  • TabletPC\Tablet PC Input Panel
  • TabletPC\Touch Input

User Configuration\Administrative Templates\Windows Components\

  • Input Personalization
  • Pen Training
  • TabletPC\Tablet PC Input Panel
  • TabletPC\Touch Input

Terminal Services

Configures the following features to enhance the security, ease-of-use, and manageability of Terminal Services remote connections. You can:

  • Allow or prevent redirection of additional supported devices to the remote computer in a Terminal Services session.
  • Require the use of Transport Layer Security (TLS) 1.0 or native Remote Desktop Protocol (RDP) encryption, or negotiate a security method.
  • Require the use of a specific encryption level (FIPS Compliant, High, Client Compatible, or Low).
  • Computer Configuration\Administrative Templates\Windows Components\Terminal Services
  • User Configuration\Administrative Templates\Windows Components\Terminal Services

Troubleshooting and Diagnostics

Controls the diagnostic level from automatically detecting and fixing problems to indicating to the user that assisted resolution is available for:

  • Application issues.
  • Leak detection.
  • Resource allocation.
  • Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics

User Account Protection

Configures the properties of user accounts to:

  • Determine behavior for the elevation prompt.
  • Elevate the user account during application installs.
  • Identify the least-privileged user accounts.
  • Virtualize file and registry write failures to per-user locations.
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Windows Error Reporting

Disables Windows Feedback only for Windows or for all components. By default, Windows Feedback is turned on for all Windows components.

  • Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting
  • User Configuration\Administrative Templates\Windows Components\Administrative Templates\Windows Error Reporting