That’s just our policy!


To continue our theme of playing around in the registry from the last two posts of mine here are some registry keys that control various common policy settings (for a detailed description of each policy take a look at the doc here):


Policy: Do not allow Windows Messenger to be run
Description: Allows you to disable Windows Messenger.  If you enable this setting, Windows Messenger will not run.  If you disable or do not configure this setting, Windows Messenger can be used. 
Note: If you enable this setting, Remote Assistance also cannot use Windows Messenger. 
Note: This setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this setting takes precedence.
HKLM\ Software\ Policies\ Microsoft\ Messenger\ Client!PreventRun


Policy: Do not automatically start Windows Messenger initially
Description: Windows Messenger is automatically loaded and running when a user logs on to a Windows XP computer. You can use this setting to stop Windows Messenger from automatically being run at logon.  If you enable this setting, Windows Messenger will not be loaded automatically when a user logs on.  If you disable or do not configure this setting, the Windows Messenger will be loaded automatically at logon.  Note: This setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from that point on, Windows Messenger will be loaded.  The user can also configure this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface.  Note: If you do not want users to use Windows Messenger, enable the “Do not allow Windows Messenger to run setting”.
Note: This setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this setting takes precedence.
HKLM\ Software\ Policies\ Microsoft\ Messenger\ Client!PreventAutoRun


Policy: Remove Balloon Tips on Start Menu items
Description: Hides pop-up text on the Start menu and in the notification area.  When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.  If you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes “Click here to begin on the Start button”, “Where have all my programs gone on the Start menu”, and “Where have my icons gone in the notification area”.  If you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.
HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\
Explorer!NoSMBalloonTip


Policy: Remove Clock from the system notification area
Description: Prevents the clock in the system notification area from being displayed.  If you enable this setting, the clock will not be displayed in the system notification area.  If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur.
HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\
Explorer!HideClock


Policy: Remove Recycle Bin icon from desktop
Description: Removes most occurrences of the Recycle Bin icon.  This setting removes the Recycle Bin icon from the desktop, from Windows Explorer, from programs that use the Windows Explorer windows, and from the standard Open dialog box.  This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.  Note: To make changes to this setting effective, you must log off and then log back on.
HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\
NonEnum!{645FF040-5081-101B-9F08-00AA002F954E}


Policy: Remove Properties from the Recycle Bin context menu
Description: Removes the Properties option from the Recycle Bin context menu.  If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.  If you disable or do not configure this setting, the Properties option is displayed as usual.
HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\
Explorer!NoPropertiesRecycleBin


Policy: Prohibit ‘Make Available Offline’ for these file and folders
Description: This policy setting allows you to manage a list of files or folders for which you wish to prohibit the ‘Make Available Offline’ option.  If you enable this policy setting, the ‘Make Available Offline’ option is not available for the files or folders you list. To specify these files or folders, click Show, and then click Add. In the ‘Type the name of the item to be added’ box, type the fully qualified UNC path to the file or folder. Leave the ‘Enter the value of the item to be added’ field blank.  If you disable this policy setting, the list of files or folders for which the ‘Make Available Offline’ option is removed (including those inherited from lower precedence GPOs) is deleted.  If you do not configure this policy setting, the ‘Make Available Offline’ option is available for all files or folders.  Notes:  This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the ‘Make Available Offline’ option will be unavailable for all specified files and folders.  This policy setting does not prevent files from being automatically cached if the network share is configured for ‘Automatic Caching’. It only affects the availability of the ‘Make Available Offline’ menu option in the user interface.  If the ‘Disable Make Available Offline’ policy setting is enabled, this setting has no effect.
effect.
HKCU\ Software\ Policies\ Microsoft\ Windows\ NetCache\
NoMakeAvailableOfflineList


Policy: Ability to rename LAN connections
Description: Determines whether non-administrators can rename a LAN connection.  If you enable this setting, the Rename option is enabled for LAN connections. Non-administrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.  If you disable this setting, the Rename option is disabled for non-administrators only.  If you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connections.  Note: This setting does not apply to Administrators.
Note: When the Ability to rename LAN connections or remote access connections available to all users setting is configured (set to either enabled or disabled), this setting does not apply. 
HKCU\ Software\ Policies\ Microsoft\ Windows\
Network Connections!NC_RenameLanConnection


Policy: Do not move deleted files to the Recycle Bin
Description: When a file or folder is deleted in Windows Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.  If you enable this setting, files and folders that are deleted using Windows Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.  If you disable or do not configure this setting, files and folders deleted using Windows Explorer will be placed in the Recycle Bin.
HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\
Network!NoRecycleFiles


Policy: Display confirmation dialog when deleting files
Description: Allows you to have Windows Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.  If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.  If you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs.
HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\
Network!ConfirmFileDelete


Policy: Turn off caching of thumbnail pictures
Description: This setting controls whether the thumbnail views are cached.  If you enable this setting, thumbnail views are not cached.  If you disable or do not configure this setting, thumbnail views are cached.  Note: For shared corporate workstations or computers where security is a top concern, you should enable this setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.
HKCU\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\
Network!NoThumbnailCache


Lynda


Comments (7)

  1. David says:

    This brings the question: If I join an XPE device to a domain, will the domain policy override my own "tweaks" (that may be very important for the device to function correctly)? I’d like to see an opt-in mechanism for group policies; is there one?

    I’m thinking of moving an embedded medical device to XPE, but I sometimes wake up in a cold sweat at night from the thought of Office 2003 suddenly being rolled out to the device. 🙂

  2. Lynda says:

    It is entirely possible that a domain policy would overwrite your tweaks- it is quite common for domain policies to be set up so that they have precedence over all other local settings. You would have to check with your network administrator as to what policies the domain would set.

    As far as I know there is no option of choosing whether or not you want domain policies to apply to your device or not (that would sort of defeat the idea of a uniform group policy). Plenty of Embedded customers have devices on a domain and are still able to tweak settings important to their Embedded device, so take heart!

  3. To wrap up my theme of setting policy through registry keys I’ve listed a selection of policy settings…

  4. David says:

    Lynda, thanks for your answer. I do hope there is a way to be very selective about which policies that are applied. I understand the idea with Group Policy and it makes a lot of sense for general purpose PCs that you try to make _less_ general purpose, but an embedded device is different. It already has a well defined purpose and configuration, save for a few select parameters.

    I want to join a domain mainly in order to authenticate users and perform auditing. If a customer at a site manages to apply arbitrary policies to it (like installing software), it is no longer the same (medical) device, and I’m in trouble. I’d rather have no Group Policy at all, if that is possible. On the other hand, being able to authenticate users against a domain controller is one of the reasons why I’m looking at XPe.

Skip to main content