AD_EnableFilter="Enable filter in Find dialog box"
AD_EnableFilter_Help="Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.\n\nIf you enable this policy, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.\n\nIf you disable this policy or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" from the "View" menu.\n\nTo see the filter bar, open My Network Places, click Entire Network, and then click Directory. Right-click the name of a Windows 2000 domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does not appear above the resulting display then, from the View menu, click Filter."
AD_HideDirectoryFolder="Hide Active Directory folder"
AD_HideDirectoryFolder_Help="Hides the Active Directory folder in My Network Places.\n\nThe Active Directory folder displays Active Directory objects in a browse window.\n\nIf you enable this policy, the Active Directory folder does not appear in the My Network Places folder.\n\nIf you disable this policy or do not configure it, the Active Directory folder appears in the My Network Places folder.\n\nThis policy is designed to let users search Active Directory, but not tempt them to casually browse Active Directory."
AD_QueryLimit="Maximum size of Active Directory searches"
AD_QueryLimit_Box="Number of objects returned: "
AD_QueryLimit_Help="Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This policy affects all browse displays associated with Active Directory, such as those in Local Users and Groups, Active Directory Users & Computers, and dialog boxes used to set permissions for user or group objects in Active Directory.\n\nIf you enable this policy, you can use the "Number of objects returned" box to limit returns from an Active Directory search.\n\nIf you disable this policy or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space.\n\nThis policy is designed to protect the network and the domain controller from the effect of expansive searches."
AddAdminGroupToRUP="Add the Administrators security group to roaming user profiles"
AddAdminGroupToRUP_Help="Add the Administrator security group to the roaming user profile share\n\nOnce an administrator has configured a users' roaming profile, the profile will be created at the user's next login. The profile is created at the location specified by the administrator.\n\nFor Windows 2000 and higher operating systems, the default file permissions for the newly generated profile are full control, or read and write access for the user, and no file access for the administrators group.\n\nBy configuring this policy, you can alter this behavior.\n\nIf you enable this policy setting, the administrator group is also given full control to the user's profile folder.\n\nIf you disable or do not configure it, only the user is given full control of their user profile and the administrators group have no file system access to this folder.\n\nNote: If the policy setting is enabled after the profile is created, the policy setting has no effect.\n\nNote: The policy setting must be configured on the client machine, not the server for it to have any effect, since it is the client machine that sets the file share permissions for the roaming profile at creation time.\n\nNote: In the default case, administrators have no file access to the user's profile, but may still take ownership of this folder to grant themselves file permissions.\n\nNote: The behavior when this policy setting is enabled is the exact same behavior as in Windows NT 4.0."
AdminComponents_Help="Adds and deletes specified Web content items.\n\nYou can use the "Add" box in this policy to add particular Web-based items or shortcuts to users' desktops. Users can close or delete the items (if policies allow), but the items are added again each time the policy is refreshed.\n\nYou can also use this policy to delete particular Web-based items from users' desktops. Users can add the item again (if policies allow), but the item is deleted each time the policy is refreshed.\n\nNote: Removing an item from the "Add" list for this policy is not the same as deleting it. Items removed from the add list are not removed from the desktop. They are just not added again."
AdministrativeServices="System"
ALLDrives="Restrict all drives"
AllowBrowse="Prohibit Browse"
AllowBrowseHelp="Limits newly scheduled to items on the user's Start menu and prevents the user from changing the scheduled program for existing tasks.\n\nThis policy removes the Browse button from the Schedule Task wizard and from the Task tab of the properties dialog box for a task. Also, users cannot edit the "Run" box or the "Start in" box that determine the program and path for a task.\n\nAs a result, when users create a task, they must select a program from the list in the Scheduled Task wizard, which displays only the tasks that appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs.\n\nImportant: This policy does not prevent users from creating a new task by pasting or dragging any program into the Scheduled Tasks folder. To prevent this action, use the "Disable Drag-and-Drop" policy.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration \
takes precedence over the setting in User Configuration."
AllowLockdownBrowse_Help="Allows users to search for installation files during privileged installations.\n\nThis policy enables the Browse button on the "Use feature from" dialog box. As a result, users can search for installation files, even when the installation program is running with elevated system privileges. By default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add/Remove Programs.\n\nBecause the installation is running with elevated system privileges, users can browse through directories that their own permissions would not allow.\n\nThis policy does not affect installations that run in the user's security context. Also, see the "Disable browse dialog box for new source" policy."
AllowLockdownBrowse="Enable user to browse for source while elevated"
AllowLockdownMedia_Help="Allows users to install programs from removable media, such as floppy disks and CD-ROMs, during privileged installations.\n\nThis policy permits all users to install programs from removable media, even when the installation program is running with elevated system privileges. By default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add/Remove Programs, only system administrators can install from removable media.\n\nThis policy does not affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.\n\nAlso, see the "Disable media source for any install" policy in User Configuration\Administrative Templates\Windows Components\Windows Installer."
AllowLockdownMedia="Enable user to use media source while elevated"
AllowLockdownPatch_Help="Allows users to upgrade programs during privileged installations.\n\nThis policy permits all users to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use.\n\nBy default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add/Remove Programs.\n\nThis policy does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Disable patching" policy."
AllowLockdownPatch="Enable user to patch elevated products"
AllowWebPrinting_Help="Determines whether Internet printing is supported on this server.\n\nInternet printing lets you display printers on Web pages so the printers can be viewed, managed, and used across the Internet or an intranet.\n\nInternet printing is supported by default on Windows 2000. If you enable this policy or do not configure it, Internet printing remains supported. If you disable this policy, Internet printing is not supported.\n\nNote: This policy affects the server side of Internet printing only. It does not prevent the print client on the computer from printing across the Internet.\n\nAlso, see the "Custom support URL in the Printers folder's left pane" policy in this folder and the "Browse a common web site to find printers" policy in User Configuration\Administrative Templates\Control Panel\Printers."
AllowWebPrinting_Tip1="Use this policy to enable Internet printing."
AllowWebPrinting="Web-based printing"
AlwaysInstallElevated_Help="Directs Windows Installer to use system permissions when it installs any program on the system.\n\nThis policy extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add/Remove Programs in Control Panel. This policy lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.\n\nIf you disable this policy or do not configure it, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.\n\nNote: This policy appears both in the Computer Configuration and User Configuration folders. To make this policy effective, you must enable the policy in both folders.\n\nCaution: Skilled users can take advantage of the permissions this policy grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy is not guaranteed to be secure."
AlwaysInstallElevated="Always install with elevated privileges"
AppMgmt_COM_SearchForCLSID="Download missing COM components"
AppMgmt_COM_SearchForCLSID_Help="Directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.\n\nMany Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM. These programs cannot perform all of their functions unless Windows 2000 has internally registered the required components.\n\nIf you enable this policy and a component registration is missing, the system searches for it in Active Directory and if it is found, downloads it. The resulting searches might make some programs start or run slowly.\n\nIf you disable this policy or do not configure it, the program continues without the registration. As a result, the program might not perform all of its functions, or it might stop.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
ARP="Add/Remove Programs"
AsynchronousMachineGroupPolicy_Help="Lets the system display the logon prompt before it finishes updating computer Group Policy.\n\nIf you enable this policy, the system does not wait for Group Policy updates to complete before inviting the user to log on. As a result, the Windows interface might appear to be ready before computer Group Policy is applied.\n\nIf you disable this policy or do not configure it, users cannot log on until computer Group Policy is updated.\n\nAlso, see the "Apply Group Policy for users asynchronously during logon" policy."
AsynchronousMachineGroupPolicy="Apply Group Policy for computers asynchronously during startup"
AsynchronousUserGroupPolicy_Help="Lets the system display the Windows desktop before it finishes updating user Group Policy.\n\nIf you enable this policy, the system does not coordinate the tasks of loading desktop and updating user Group Policy. As a result, Windows might appear ready for use before user Group Policy is updated.\n\nIf you disable this policy or do not configure it, the system does not make the desktop available to users until user Group Policy is updated.\n\nAlso, see the "Apply Group Policy for computers asynchronously during startup" policy."
AsynchronousUserGroupPolicy="Apply Group Policy for users asynchronously during logon"
ATC_NoComponents_Help="Removes Active Desktop content and prevents users from adding Active Desktop content.\n\nThis policy removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel and removes the "New Desktop Item" command from the Active Desktop menu. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop.\n\nThis policy does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper.\n\nAlso, see the "Prohibit Adding Items" policy."
ATC_NoComponents_Tip="Still allows HTML and Jpg Wallpaper"
AutoPublishing_Help="Determines whether the Add Printer wizard automatically publishes the computer's shared printers in Active Directory.\n\nIf you enable this policy or do not configure it, the Add Printer wizard automatically publishes all shared printers.\n\nIf you disable this policy, the Add Printer wizard does not automatically publish printers. However, you can publish shared printers manually.\n\nNote: This policy is ignored if the "Allow printers to be published" policy is disabled."
AutoPublishing_Tip1="Enable or disable this setting to control whether newly created "
AutoPublishing_Tip2="shared printers are published or not published in the Active "
AutoPublishing_Tip3="Directory. If this policy is not set the default behavior is"
AutoPublishing_Tip4="to automatically publish shared printers in the Active Directory"
AutoPublishing="Automatically publish new printers in Active Directory"
Autorun_Box="Disable Autoplay on:"
Autorun_NoCD="CD-ROM drives"
Autorun_None="All drives"
Autorun_Help="Disables the Autoplay feature.\n\nAutoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media starts immediately.\n\nBy default, Autoplay is disabled on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.\n\nIf you enable this policy, you can also disable Autoplay on CD-ROM drives, or disable Autoplay on all drives.\n\nThis policy disables Autoplay on additional types of drives. You cannot use this policy to enable Autoplay on drives on which it is disabled by default.\n\nNote: This policy appears in both the Computer Configuration and User Configuration folders. If the settings conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration."
Autorun="Disable Autoplay"
Blank=" "
Cat_OfflineFiles="Offline Files"
Catname="Administrative Alerts"
ClassicShell_Help="Disables Active Desktop, Web view, and thumbnail views. Also, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0 and users cannot restore the new features.\n\nNote: This policy takes precedence over the "Enable Active Desktop" policy. If both policies are enabled, Active Desktop is disabled.\n\nAlso, see the "Disable Active Desktop" policy in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Remove the Folder Options menu item from the Tools menu" policy in User Configuration\Administrative Templates\Windows Components\Windows Explorer."
ClassicShell="Enable Classic Shell"
ClearRecentDocsOnExit_Help="Directs the system to delete the contents of the Documents menu on the Start menu when the user logs off.\n\nThe Documents menu contains shortcuts to the non-program files the user opened most recently.\n\nIf you enable this policy, the Documents menu is always empty when the user logs on. Otherwise, when the user logs on again, the Documents menu appears just as it did when the user logged off.\n\nYou can use this policy, in coordination with the "Remove Documents menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder to customize your policy for managing access to recently opened files. The system uses this policy only when neither of these related policies are selected."
ClearRecentDocsOnExit="Clear history of recently opened documents on exit"
Comdlg="Common Open File Dialog"
ComdlgSub="Common Open File Dialog Restrictions"
COnly="Restrict C drive only"
Connect_HomeDir_ToRoot_Explain="Restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in Windows NT 4.0 and earlier.\n\nIf you enable this policy, the system uses the Windows NT 4.0 definitions. If you disable this policy or do not configure it, the system uses the new definitions designed for Windows 2000.\n\nAlong with %HOMEDRIVE%, these variables define the home directory of a user profile. The home directory is a persistent mapping of a drive letter on the local computer to a local or remote directory.\n\nBy default, in Windows 2000, %HOMESHARE% stores the fully qualified path to the home directory (such as \\server\share\dir1\dir2\homedir). Users can access the home directory and any of its subdirectories from the home drive letter, but they cannot see or access its parent directories. %HOMEPATH% stores a final backslash and is included for compatibility with earlier systems.\n\nOn Windows NT 4.0 and earlier, %HOMESHARE% stores only the network share (such as \\server\share). %HOMEPATH% stores the remainder of the fully qualified path to the home directory (such as \dir1\dir2\homedir). As a result, users can access any directory on the home share by using the home directory drive letter.\n\nTip: To specify a home directory in Windows 2000, in Active Directory Users and Computers or Local Users and Groups, right-click the name of a user account, click Properties, click the Profile tab, and in the "Home folder" section, select the "Connect" option and select a drive letter and home directory.\n\nExample: Drive Z is mapped to \\server\share\dir1\dir2\homedir.\n\nIf this policy is disabled or not configured (Windows 2000 behavior):\n\n-- %HOMEDRIVE% = Z: (mapped to \\server\share\dir1\dir2\homedir)\n\n-- %HOMESHARE% = \\server\share\dir1\dir2\homedir\n\n-- %HOMEPATH% = \\n\nIf the policy is enabled (Windows NT 4.0 behavior):\n\n-- %HOMEDRIVE% = Z: (mapped to \\server\share)\n\n-- %HOMESHARE% = \\server\share\n\n-- %HOMEPATH% = \dir1\dir2\homedir"
Connect_HomeDir_ToRoot="Connect home directory to root of the share"
ControlPanel="Control Panel"
CPL_Display_Disable="Disable Display in Control Panel"
CSE_AppMgmt_Help="Determines when software installation polices are updated.\n\nThis policy affects all policies that use the software installation component of Group Policy, such as policies in Software Settings\Software Installation. You can set software installation policy only for Group Policy objects stored in Active Directory, not for Group Policy objects on the local computer.\n\nThis policy overrides customized settings that the program implementing the software installation policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_DiskQuota="Disk Quota policy processing"
CSE_DiskQuota_Help="Determines when disk quota policies are updated.\n\nThis policy affects all policies that use the disk quota component of Group Policy, such as those in Computer Configuration\Administrative Templates\System\File System\Disk Quotas.\n\nIt overrides customized settings that the program implementing the disk quota policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_EFSRecovery="EFS recovery policy processing"
CSE_EFSRecovery_Help="Determines when encryption polices are updated.\n\nThis policy affects all policies that use the encryption component of Group Policy, such as policies related to encryption in Windows Settings\Security Settings.\n\nIt overrides customized settings that the program implementing the encryption policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_FolderRedirection_Help="Determines when folder redirection policies are updated.\n\nThis policy affects all policies that use the folder redirection component of Group Policy, such as those in WindowsSettings\Folder Redirection. You can only set folder redirection policy for Group Policy objects, stored in Active Directory, not for Group Policy objects on the local computer.\n\nThis policy overrides customized settings that the program implementing the folder redirection policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_IEM="Internet Explorer Maintenance policy processing"
CSE_IEM_Help="Determines when Internet Explorer Maintenance policies are updated.\n\nThis policy affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\Internet Explorer Maintenance.\n\nIt overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_IPSecurity="IP Security policy processing"
CSE_IPSecurity_Help="Determines when IP security polices are updated.\n\nThis policy affects all policies that use the IP security component of Group Policy, such as policies in Computer Configuration\Windows Settings\Security Settings\IP Security Policies on Local Machine.\n\nIt overrides customized settings that the program implementing the IP security policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_NOCHANGES="Process even if the Group Policy objects have not changed"
CSE_NOBACKGROUND="Do not apply during periodic background processing"
CSE_Registry="Registry policy processing"
CSE_Registry_Help="Determines when registry policies are updated.\n\nThis policy affects all policies in the Administrative Templates folder and any other policies that store values in the registry.\n\nIt overrides customized settings that the program implementing a registry policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_Security="Security policy processing"
CSE_Security_Help="Determines when security policies are updated.\n\nThis policy affects all policies that use the security component of Group Policy, such as those in Windows Settings\Security Settings.\n\nIt overrides customized settings that the program implementing the security policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_Scripts="Scripts policy processing"
CSE_Scripts_Help="Determines when policies that assign shared scripts are updated.\n\nThis policy affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts.\n\nIt overrides customized settings that the program implementing the scripts policy set when it was installed.\n\nIf you enable this policy, you can use the check boxes provided to change the options. If you disable this policy or do not configure it, it has no effect on the system.\n\nThe "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.\n\nThe "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. Background updates can disrupt the user, cause a program to stop or operate abnormally, and, in rare cases, damage data.\n\nThe "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it."
CSE_SLOWLINK="Allow processing across a slow network connection"
CustomizedSupportUrl_Help="Adds a customized Web page link to the Printers folder.\n\nBy default, the Printers folder includes a link to the Microsoft Support Web page. It can also include a link to a Web page supplied by the vendor of the currently selected printer.\n\nYou can use this policy to replace these default links with a link to a Web page customized for your enterprise.\n\nIf you disable this policy or do not configure it, or if you do not enter an alternate Internet address, the default links appear in the Printers folder.\n\nNote: Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the policy has no effect. (To enable Web view, open the Printers folder, and from the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.")\n\nAlso, see the "Web-based printing" policy in this policy folder and the "Browse a common web site to find printers" policy in User Configuration\Administrative Templates\Control Panel\Printers.\n\nWeb view is affected by the "Enable Classic Shell" and "Remove the Folder Options menu item from the Tools menu" policies in User Configuration\Administrative Templates\Windows Components\Windows Explorer, and by the "Enable Active Desktop" policy in User Configuration\Administrative Templates\Desktop\Active Desktop."
CustomizedSupportUrl_Link="URL"
CustomizedSupportUrl_Name="URL Title"
CustomizedSupportUrl_Tip1="Specify the support url title name and the url. For example:"
CustomizedSupportUrl_Tip2="The url title for Microsoft support would be "Microsoft Support""
CustomizedSupportUrl_Tip3="and the url would be "http://www.microsoft.com/support""
CustomizedSupportUrl="Custom support URL in the Printers folder's left pane"
DefaultDirectoryScope_Help="Determines which information source is the default starting point when users search for people.\n\nThis policy specifies the information source that appears in the Look in box in the Find People dialog box when the dialog box opens. (To get to the Find People dialog box, click Start, click Search, and then click For people.) Users can search in the default information source or use the drop-down list beside "Look in" to change the source. If users change the source, the last source used appears in the Look in box the next time it opens.\n\nIf you disable this policy or do not configure it, the source listed first in alphabetical order appears in the Look in box when it opens. By default, Address Book appears first.\n\nTo use this policy, type the DNS-friendly name or the NetBIOS name of the server that is hosting the source you want to list first.\n\nThis policy appears in the Computer Configuration and User Configuration folders. If the settings of these policies conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nNote: This policy establishes a default value that users can change. It does not limit user actions or change system features."
DefaultDirectoryScope="Default directory scope"
DefaultExcludeMessage="Local Settings;Temporary Internet Files;History;Temp"
DefaultSizeMessage="You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage."
DeleteCache_Tip1="When users with roaming profiles log off,"
DeleteCache_Tip2="delete the locally cached profile (to save disk space)."
DefaultCategory_Help="Specifies the category of programs that appears when users open the "Add New Programs" page.\n\nIf you enable this policy, then only the programs in the category you specify are displayed when the "Add New Programs" page opens. Users can use the Category box on the "Add New Programs" page to display programs in other categories.\n\nTo use this policy, type the name of a category in the Category box for this policy. You must enter a category that is already defined in Add/Remove Programs. To define a category, use Software Installation.\n\nIf you disable this policy or do not configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens.\n\nYou can use this policy to direct users to the programs they are most likely to need.\n\nNote: This policy is ignored if either the "Disable Add/Remove Programs" policy or the "Hide Add New Programs page" policy is enabled."
DefaultCategory="Specify default category for Add New Programs"
DefaultCategoryBox="Category:"
DeleteRoamingCachedProfiles_Help="Determines whether the system saves a copy of a user’s roaming profile on the local computer's hard drive when the user logs off.\n\nThis policy, and related policies in this folder, together describe a strategy for managing user profiles residing on remote servers. In particular, they tell the system how to respond when a remote profile is slow to load.\n\nRoaming profiles reside on a network server. By default, when users with roaming profiles log off, the system also saves a copy of their roaming profile on the hard drive of the computer they are using in case the server that stores the roaming profile is unavailable when the user logs on again. The local copy is also used when the remote copy of the roaming user profile is slow to load.\n\nIf you enable this policy, any local copies of the user’s roaming profile are deleted when the user logs off. The roaming profile still remains on the network server that stores it.\n\nImportant: Do not enable this policy if you are \
using the slow link detection feature of Windows 2000. To respond to a slow link, the system requires a local copy of the user’s roaming profile."
DeleteRoamingCachedProfiles="Delete cached copies of roaming profiles"
Desktop="Desktop"
DesktopDisplay="Desktop and Display"
DesktopSub="General Desktop"
DisableAdvanced="Disable Advanced Menu"
DisableAdvancedHelp="Prevents users from viewing or changing the properties of newly created tasks.\n\nThis policy removes the "Open advanced properties for this task when I click Finish" item from the last page of the Scheduled Task wizard. \n\nThis policy prevents users from viewing and changing task characteristics, such as the program the task runs, details of its schedule, idle time and power management settings, and its security context. It is designed to simplify task creation for beginning users.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: This policy affects newly created tasks only. To prevent users from changing the properties of existing tasks, use the "Hide Property Pages" policy."
DisableAlways="Always"
DisableAutoADMUpdate="Disable automatic update of ADM files"
DisableAutoADMUpdate_Help="Prevents the system from updating the Administrative Templates source files automatically when you open Group Policy.\n\nBy default, when you start Group Policy, the system loads the most recently revised copies of the Administrative Templates source files (.adm) that it finds in the %Systemroot%\inf directory. The .adm files create the list of policies that appear under Administrative Templates in Group Policy.\n\nIf you enable this policy, the system loads the .adm files you used the last time you ran Group Policy. Thereafter, you must update the .adm files manually.\n\nNote: Upgrading your .adm files does not overwrite your policy configuration settings. The settings are stored in Active Directory, not in the .adm files.\n\nTip: To upgrade your .adm files manually, in Group Policy, right-click Administrative Templates (either instance), and then click Add/Remove Templates."
DisableBackgroundPolicy_Help="Prevents Group Policy from being updated while the computer is in use. This policy applies to Group Policies for computers, users, and domain controllers.\n\nIf you enable this policy, the system waits until the current user logs off the system before updating the computer and user policies.\n\nIf you disable this policy, updates can be applied while users are working. The frequency of updates is determined by the "Group Policy refresh interval for computers" and "Group Policy refresh interval for users" policies."
DisableBackgroundPolicy="Disable background refresh of Group Policy"
DisableBrowse_Help="Prevents users from searching for installation files when they add features or components to an installed program.\n\nThis policy disables the Browse button beside the Use feature from list in the Windows Installer dialog box. As a result, users must select an installation file source from the Use features from list that the system administrator configures.\n\nThis policy applies even when the installation is running in the user's security context.\n\nIf you disable this policy or do not configure it, the Browse button is enabled when an installation is running in the user's security context, but only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add/Remove Programs.\n\nThis policy affects Windows Installer only. It does not prevent users from selecting other browsers, such Windows Explorer or My Network Places, to search for installation files.\n\nAlso, see the "Enable user to browse for source while elevated" policy."
DisableBrowse="Disable browse dialog box for new source"
DisableChangePassword_Help="Prevents users from changing their Windows password on demand.\n\nThis policy disables the "Change Password" button on the Windows Security dialog box (which appears when you press Ctrl+Alt+Del).\n\nHowever, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring."
DisableChangePassword="Disable Change Password"
DisableCMD_Help="Prevents users from running the interactive command prompt, Cmd.exe. This policy also determines whether batch files (.cmd and .bat) can run on the computer.\n\nIf you enable this policy and the user tries to open a command window, the system displays a message explaining that a policy prevents the action.\n\nNote: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Terminal Services."
DisableCMD="Disable the command prompt"
DisableCMDScripts="Disable the command prompt script processing also?"
DisableCMD_YES="Yes"
DisableCMD_NO="No"
DisableExplorerRunLegacy_Help="Ignores the customized run list for Windows NT 4.0 and earlier.\n\nOn Windows 2000 and Windows NT 4.0 and earlier, you can create a customized list of additional programs and documents that the system starts automatically when it starts. These programs are added to the standard run list of programs and services that the system starts.\n\nIf you disable this policy, or do not configure it, Windows 2000 adds any customized run list configured for Windows NT 4.0 and earlier to its run list.\n\nIf you enable this policy, the system ignores the run list for Windows NT 4.0 and earlier.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To create a customized run list by using a policy, use the "Run these applications at startup" policy.\n\nThe customized run lists for Windows NT 4.0 and earlier are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run. They can be configured by using the "Run" policy in System Policy Editor for Windows NT 4.0 and earlier.\n\nAlso, see the "Disable the run once list" policy."
DisableExplorerRunLegacy="Disable legacy run list"
DisableExplorerRunOnceLegacy_Help="Ignores customized run-once lists.\n\nYou can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.\n\nIf you enable this policy, the system ignores the run-once list.\n\nIf you disable this policy, or do not configure it, the system runs the programs in the run-once list.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce.\n\nAlso, see the "Disable legacy run list" policy."
DisableExplorerRunOnceLegacy="Disable the run once list"
DisableLockComputer_Help="Prevents users from locking the system.\n\nWhile locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.\n\nTip:To lock a computer without configuring a policy, press Ctrl+Alt+Delete, and then click "Lock Computer.""
DisableLockComputer="Disable Lock Computer"
DisableLogoff="Disable Logoff"
DisableMedia_Help="Prevents users from installing programs from removable media.\n\nIf a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears, stating that the feature cannot be found.\n\nThis policy applies even when the installation is running in the user's security context.\n\nIf you disable this policy or do not configure it, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add/Remove Programs.\n\nAlso, see the "Enable user to use media source while elevated policy" in Computer Configuration\Administrative Templates\Windows Components\Windows Installer.\n\nAlso, see the "Hide the "Add a program from CD-ROM or floppy disk"" policy in User Configuration\Administrative Templates\Control Panel\Add/Remove Programs."
DisableMedia="Disable media source for any install"
DisableMSI_Help="Disables or restricts the use of Windows Installer.\n\nThis policy can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator.\n\nIf you enable this policy, you can use the options in the Disable Windows Installer box to establish an installation policy.\n\n-- The "Never" option indicates that Windows Installer is fully enabled. Users can install and upgrade software. Windows Installer is enabled by default on Windows 2000.\n\n-- The "For non-managed apps only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add/Remove Programs).\n\n-- The "Always" option indicates that Windows Installer is disabled.\n\nThis policy affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs."
DisableMSI="Disable Windows Installer"
DisableNever="Never"
DisableNonManaged="For non-managed apps only"
DisablePatch_Help="Prevents users from using Windows Installer to install patches.\n\nPatches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installations prohibit their use.\n\nNote: This policy applies only to installations that run in the user's security context. By default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add/Remove Programs.\n\nAlso, see the "Enable user to patch elevated products" policy."
DisablePatch="Disable patching"
DisablePersonalDirChange_Help="Prevents users from changing the path to the My Documents folder.\n\nBy default, a user can change the location of the My Documents folder by typing a new path in the Target box of the My Documents Properties dialog box. If you enable this policy, when users type a new path in the Target box, a message appears explaining that a policy prevents the action."
DisablePersonalDirChange="Prohibit user from changing My Documents path"
DisableRegedit_Help="Disables the Windows registry editors, Regedt32.exe and Regedit.exe.\n\nIf this policy is enabled and the user tries to start a registry editor, a message appears explaining that a policy prevents the action.\n\nTo prevent users from using other administrative tools, use the "Run only allowed Windows applications" policy."
DisableRegedit="Disable registry editing tools"
DisableRollback_Help="Prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.\n\nThis policy prevents Windows Installer from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows installer cannot restore the computer to its original state if the installation does not complete.\n\nThis policy is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy unless essential.\n\nThis policy appears in the Computer Configuration and User Configuration folders. If the policy is enabled in either folder, it is considered be enabled, even if it is explicitly disabled in the other folder."
DisableRollback="Disable rollback"
DisableStatusMessages_Help="Suppresses system status messages.\n\nIf you enable this policy, the system does not display a message reminding users to wait while their system starts or shuts down, or while users log on or off."
DisableStatusMessages="Disable Boot / Shutdown / Logon / Logoff status messages"
DisableSystemPolicy_Help="Disables System Policy designed for Windows NT 4.0 and earlier.\n\nIn Windows 2000, Group Policy replace the System Policy that System Policy Editor created on Windows NT 4.0 and earlier. However, Windows 2000 continues to support System Policy for installations that use them.\n\nIf you enable this policy, the system does not recognize or implement System Policy. However, it continues its full support for Group Policy."
DisableSystemPolicy="Disable System Policy (use Group Policy only)"
DisableTaskMgr_Help="Prevents users from starting Task Manager (Taskmgr.exe).\n\nIf this policy is enabled and users try to start Task Manager, a message appears explaining that a policy prevents the action.\n\nTask Manager lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and change the priority of the process in which programs run."
DisableTaskMgr="Disable Task Manager"
DisallowApps_Help="Prevents Windows from running the programs you specify in this policy.\n\nIf you enable this policy, users cannot run programs that you add to the List of disallowed applications.\n\nThis policy only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs, such as Task Manager, that are started by the system process or by other processes. Also, if you permit users to gain access to the command prompt, Cmd.exe, this policy does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer."
DisallowApps_Tip1=" "
DisallowApps_Tip2="To create a list of disallowed applications, click Show,"
DisallowApps_Tip3="then Add, and enter the application executable name"
DisallowApps="Don't run specified Windows applications"
DisallowAppsList="List of disallowed applications"
DisallowCpls_Help="Hides specified Control Panel items and folders.\n\nThis policy removes Control Panel items (such as Display) and folders (such as Fonts) from the Control Panel window and the Start menu. It can remove Control Panel items you have added to your system, as well Control Panel items included in Windows 2000.\n\nTo hide a Control Panel item, type the file name of the item, such as Ncpa.cpl (for Network). To hide a folder, type the folder name, such as Fonts.\n\nThis policy affects the Start menu and Control Panel window only. It does not prevent users from running Control Panel items.\n\nAlso, see the "Disable Display in Control Panel" policy in User Configuration\Administrative Templates\Control Panel\Display.\n\nIf both the "Hide specified control panel applets" policy and the "Show only specified control panel applets" policy are enabled, and the same item appears in both lists, the "Show only specified control panel applets" policy is ignored.\n\nTip: To find the file name of a Control Panel item, search for files with the .cpl file name extension in the %Systemroot%\System32 directory."
DisallowCpls_Tip1="To create a list of disallowed control panel applets, click Show,"
DisallowCpls_Tip2="then Add, and enter the control panel file name (ends with .cpl)"
DisallowCpls_Tip3="or the name displayed under that item in the control panel."
DisallowCpls="Hide specified control panel applets"
DisallowCplsList="List of disallowed control panel applets"
Display="Display"
DisplayErrors="Display error messages"
DOnly="Restrict D drive only"
DownlevelBrowse_Help="Lets users use the Add Printer wizard to search the network for shared printers.\n\nIf you enable this policy or do not configure it, then when users click "Add a network printer," but do not type the name of a particular printer, the Add Printer wizard displays a list of all shared printers on the network and invites users to choose a printer from among them.\n\nIf you disable this policy, users cannot search the network; they must type a printer name first.\n\nThis policy affects the Add Printer wizard only. It does not prevent users from using other programs to search for shared printers or to connect to network printers."
DownlevelBrowse_Tip1="Disable this option to remove the network printer browse page"
DownlevelBrowse_Tip2="from within the Add Printer wizard. Use this policy to disallow users"
DownlevelBrowse_Tip3="from browsing the network for printers. By removing the browse option"
DownlevelBrowse_Tip4="users are encouraged to find printers in the Active Directory if one is"
DownlevelBrowse_Tip5="available."
DownlevelBrowse="Browse the network to find printers"
DnsClient="DNS Client"
DQ_Enable_Help="Enables and disables disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.\n\nIf you enable this policy, disk quota management is enabled, and users cannot disable it.\n\nIf you disable the policy, disk quota management is disabled, and users cannot enable it.\n\nIf this policy is not configured, disk quota management is disabled by default, but administrators can enable it.\n\nTo prevent users from changing the setting while a policy is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.\n\nNote: This policy enables disk quota management but does not establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy. Otherwise, the system uses the physical space on the volume as the quota limit.\n\nTip: To enable or disable disk quota management without setting a policy, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click the "Enable quota management" option."
DQ_Enable="Enable disk quotas"
DQ_EnableTip1="Enable disk quotas for all NTFS volumes on the computer."
DQ_Enforce_Help="Determines whether disk quota limits are enforced and prevents users from changing the setting.\n\nIf you enable this policy, disk quota limits are enforced. If you disable this policy, disk quota limits are not enforced. When you enable or disable the policy, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot change the setting while a policy is in effect.\n\nIf the policy is not configured, the disk quota limit is not enforced by default, but administrators change the setting.\n\nEnforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write to the volume as long as physical space is available.\n\nNote: This policy overrides user settings that enable or disable quota enforcement on their volumes.\n\nTip: To specify a disk quota limit, use the "Default quota limit and warning level" policy. Otherwise, the system uses the physical space on the volume as the quota limit."
DQ_Enforce="Enforce disk quota limit"
DQ_EnforceTip1="Deny disk space to users exceeding their assigned quota limit."
DQ_Limit_Help="Specifies the default disk quota limit and warning level for new users of the volume.\n\nThis policy determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.\n\nThis policy overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.\n\nThis policy applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).\n\nIf you disable this policy or do not configure it, the disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level.\n\nWhen you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for the range of volumes in the group.\n\nThis policy is effective only when disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume."
DQ_Limit="Default quota limit and warning level"
DQ_LimitLabel="Default quota limit:"
DQ_LimitTip1="Specify a quota limit and warning level applied to users when"
DQ_LimitTip2="they first write to a quota-enabled volume."
DQ_LimitUnits="Units"
DQ_LimitValue="Value"
DQ_LogEventOverLimit_Help="Determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.\n\nIf you enable this policy, the system records an event when the user reaches their limit. If you disable this policy, no event is recorded. Also, when you enable or disable this policy, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab so adminstrators cannot change the setting while a policy is in effect.\n\nIf the policy is not configured, no events are recorded, but administrators can use the Quota tab option to change the setting.\n\nThis policy is independent of the enforcement policies for disk quotas. As a result, you can direct the system to log an event regardless of whether or not you choose to enforce the disk quota limit.\n\nAlso, this policy does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their limit because their status in the Quota Entries window changes.\n\nTip: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab."
DQ_LogEventOverLimit="Log event when quota limit exceeded"
DQ_LogEventOverLimitTip1="Generate event log entry when user's disk space usage exceeds"
DQ_LogEventOverLimitTip2="their assigned quota limit on a volume."
DQ_LogEventOverThreshold_Help="Determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.\n\nIf you enable this policy, the system records an event. If you disable this policy, no event is recorded. When you enable or disable the policy, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab, so that administrators cannot change the logging setting while a policy is in effect.\n\nIf the policy is not configured, no event is recorded, but administrators can use the Quota tab option to change the logging setting.\n\nThis policy does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes.\n\nTip: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab."
DQ_LogEventOverThreshold="Log event when quota warning level exceeded"
DQ_LogEventOverThresholdTip1="Generate event log entry when user's disk space usage exceeds"
DQ_LogEventOverThresholdTip2="their assigned quota warning level on a volume."
DQ_RemovableMedia_Help="Extends the disk quota policies in this folder to NTFS file system volumes on removable media.\n\nIf you disable this policy or do not configure it, the disk quota policies established in this folder apply to fixed-media NTFS volumes only."
DQ_RemovableMedia="Apply policy to removable media"
DQ_RemovableMediaTip1="Apply disk quota policy to fixed and removable media"
DQ_RemovableMediaTip2="on the computer."
DQ_ThresholdLabel="Default warning level:"
DQ_ThresholdUnits="Units"
DQ_ThresholdValue="Value"
DQ_UnitsEB="EB"
DQ_UnitsGB="GB"
DQ_UnitsKB="KB"
DQ_UnitsMB="MB"
DQ_UnitsPB="PB"
DQ_UnitsTB="TB"
DragAndDrop="Disable Drag-and-Drop"
DragAndDropHelp="Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.\n\nThis policy disables the Cut, Copy, Paste, and Paste shortcut items on the context menu and the Edit menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks folder.\n\nAs a results, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks folder.\n\nThis policy does not prevent users from using other methods to create new tasks and it does not prevent users from deleting tasks.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
DriverSign_Block="Block"
DriverSign_None="Ignore"
DriverSign_Warn="Warn"
DriverSigning_Help="Determines how the system responds when a user tries to install device driver files that are not digitally signed.\n\nThis policy establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this policy is enabled, the system does not implement any setting less secure than the one the policy established.\n\nWhen you enable this policy, use the drop-down box to specify the desired response.\n\n-- "Ignore" directs the system to proceed with the installation even if it includes unsigned files.\n\n-- "Warn" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. "Warn" is the default.\n\n-- "Block" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package is installed.\n\nTo change driver file security without setting a policy, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button."
DriverSigning="Code signing for device drivers"
DriverSigningOp="When Windows detects a driver file without a digital signature:"
EnableAdminTSRemote_Help="Allows Terminal Services administrators to install and configure programs remotely.\n\nBy default, system administrators can install programs only when system administrators are logged on to the computer on which the program is being installed. This policy creates a special exception for computers running Terminal Services.\n\nThis policy affects system administrators only. Other users cannot install programs remotely."
EnableAdminTSRemote="Allow admin to install from Terminal Services session"
EnableSlowLinkDetect_Help="Disables the slow link detection feature.\n\nSlow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link, the related policies in this folder tell the system how to respond.\n\nIf you enable this policy, the system does not detect slow connections or recognize any connections as being slow. As a result, the system does not respond to slow connections to user profiles and it ignores the policies that tell the system how to respond to a slow connection.\n\nIf you disable this policy or do not configure it, slow link detection is enabled. The system measures the speed of the connection between the user's computer and profile server. If the connection is slow (as defined by the "Slow network connection timeout for user profiles" policy), the system applies the other policies set in this folder to determine how to proceed. By default, when the connection is slow, the system loads the \
local copy of the user profile."
EnableSlowLinkDetect="Do not detect slow network connections"
EnableSlowLinkUI="Prompt user when slow link is detected"
EnableSlowLinkUI_Help="Notifies users when their roaming profile is slow to load. The notice lets users decide whether to use a local copy or to wait for the roaming user profile.\n\nIf you disable this policy or do not configure it, when a roaming user profile is slow to load, the system does not consult the user. Instead, it loads the local copy of the profile. If you have enabled the "Wait for remote user profile" policy, then the system loads the remote copy without consulting the user.\n\nThis policy and related policies in this folder together define the system's response when roaming user profiles are slow to load.\n\nTo adjust the time within which the user must respond to this notice, use the "Timeout for dialog boxes" policy.\n\nImportant: If the "Do not detect slow network connections" policy is enabled, this policy is ignored. Also, if the "Delete cached copies of roaming profiles" policy is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection."
EnableUserControl_Help="Permits users to change installation options that typically are available only to system administrators.\n\nThis policy bypasses some of the security features of Windows Installer. It permits installations to complete that otherwise would be halted due to a security violation.\n\nThe security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed. If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.\n\nThis policy is designed for less restrictive environments. It can be used to circumvent errors in an installation program that prevent software from being installed."
EnableUserControl="Enable user control over installs"
EnforcePoliciesOnly="Enforce Show Policies Only"
EnforcePoliciesOnly_Help="Prevents administrators from viewing or using Group Policy preferences.\n\nA Group Policy administration (.adm) file can contain both true policies and preferences. True policies, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.\n\nIf you enable this policy, the "Show Policies Only" command is turned on, and administrators cannot turn it off. As a result, Group Policy displays only true policies; preferences do not appear.\n\nIf you disable this policy or do not configure it, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command.\n\nTip: To find the "Show Policies Only" command, in Group Policy, click the Administrative Templates folder (either one), then right-click the same folder, and then point to "View."\n\nIn Group Policy, preferences have a red icon to distinguish them from true policies, which have a blue icon."
EnforceShellExtensionSecurity_Help="Directs Windows to start only the user interface extensions that the system security or the user have approved.\n\nWhen the system detects that the user is downloading an external program that runs as part of the Windows user interface, the system searches for a digital certificate or requests that the user approve the action. If you enable this policy, Windows only starts approved programs.\n\nThis policy is designed to protect the system from damage from programs that do not operate correctly or are intended to cause harm.\n\nNote: To view the approved user interface extensions for a system, start a registry editor (Regedt32 or Regedit). The system stores entries representing approved user interface extensions on a system in the following registry key:\n\n HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved."
Exclude_Tip1="You can enter multiple directory names, semi-colon separated,"
Exclude_Tip2="all relative to the root of the user's profile"
ExcludeDirectories_Help="Lets you add to the list of folders excluded from the user's roaming profile.\n\nThis policy lets you exclude folders that are normally included in the user's profile. As a result, these folders need not be stored by the network server on which the profile resides, and do not follow users to other computers.\n\nBy default, the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile.\n\nIf you enable this policy, you can exclude additional folders.\n\nIf you disable this policy or do not configure it, then only the default folders are excluded.\n\nNote: You cannot use this policy to include the default folders in a roaming user profile."
ExcludeDirectories="Exclude directories in roaming profile"
ExcludeMessage="Prevent the following directories from roaming with the profile:"
Execution="Prevent Task Run or End"
ExecutionHelp="Prevents users from starting and stopping tasks manually.\n\nThis policy removes the Run and End Task items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
ExplorerWindow="Windows Explorer window"
ForceActiveDesktopOn_Help="Enables Active Desktop and prevents users from disabling it.\n\nThis policy also removes the Active Desktop item from the context menu that appears when you right-click the desktop; it removes the Web tab from Display in Control Panel; and it disables the "Use Windows classic desktop" item on the General tab of the Folder Options dialog box. This prevents users from trying to enable or disable Active Desktop while a policy controls it.\n\nIf you disable this policy or do not configure it, Active Desktop is disabled by default, but users can enable it.\n\nNote: If both the "Enable Active Desktop" policy and the "Disable Active Desktop" policy are enabled, the "Disable Active Desktop" policy is ignored. If the "Enable Classic Shell" policy (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, then Active Desktop is disabled and both of these policies are ignored.\n\nTip: To enable Active Desktop without setting a policy, right-click the desktop, \
point to "Active Desktop," and then click "Show Web Content."\n\nAlso, see the "Remove the Folder Options menu item from the Tools menu" policy in User Configuration\Administrative Templates\Windows Components\Windows Explorer."
ForceActiveDesktopOn_Tip="Allows HTML and JPEG Wallpaper"
ForceActiveDesktopOn="Enable Active Desktop"
ForceStartMenuLogoff_Help="Adds the "Log Off <username>" item to the Start menu and prevents users from removing it.\n\nIf you enable this policy, the Log Off <username> item appears in the Start menu. This policy also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off <username> item from the Start Menu.\n\nIf you disable this policy or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.\n\nThis policy affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.\n\nTip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar & Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.\n\nSee also: "Disable Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff."
ForceStartMenuLogoff="Add Logoff to the Start Menu"
DiskQuota="Disk Quotas"
GPDCOptionAny="Use any available domain controller"
GPDCOptionInherit="Inherit from the Active Directory Snap-ins"
GPDCOptions_Help="Determines which domain controller the Group Policy snap-in uses.\n\n-- "Use the Primary Domain Controller" indicates that the Group Policy snap-in reads and writes changes to the domain controller designated as the PDC Operations Master for the domain.\n\n-- "Inherit from the Active Directory Snap-ins" indicates that the Group Policy snap-in reads and writes changes to the domain controller that Active Directory Users and Computers or Active Directory Sites and Services snap-ins use.\n\n-- "Use any available domain controller" indicates that the Group Policy snap-in can read and write changes to any available domain controller.\n\nIf you disable this policy or do not configure it, the Group Policy snap-in uses the domain controller designated as the PDC Operations Master for the domain.\n\nTip: To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a domain, and then click "Operations Masters.""
GPDCOptionsDesc="When Group Policy is selecting a domain controller to use, it should:"
GPOnly_Tip1="The System.adm file you have loaded requires Group Policy"
GPOnly_Tip2="in Windows 2000. You cannot use the System Policy Editor"
GPOnly_Tip3="to display Windows 2000 Group Policy settings."
GPOnly_Tip4=" "
GPOnly_Tip5="Enabling or disabling this policy has no effect."
GPOnly="Unsupported Administrative Templates"
GPOnlyPolicy="System.adm"
GPO_Script_Tip="Range is 0 to 32000, use 0 for infinite wait time"
GPRefreshRate_C_Desc1="This policy allows you to customize how often Group Policy is applied"
GPRefreshRate_C_Desc2="to computers. The range is 0 to 64800 minutes (45 days)."
GPRefreshRate_DC_Desc1="This policy allows you to customize how often Group Policy is applied"
GPRefreshRate_DC_Desc2="to domain controllers. The range is 0 to 64800 minutes (45 days)."
GPRefreshRate_U_Desc1="This policy allows you to customize how often Group Policy is applied"
GPRefreshRate_U_Desc2="to users. The range is 0 to 64800 minutes (45 days)."
GPRefreshRate="Minutes:"
GPRefreshRateOffset_Desc1="This is a random time added to the refresh interval to prevent"
GPRefreshRateOffset_Desc2="all clients from requesting Group Policy at the same time."
GPRefreshRateOffset_Desc3="The range is 0 to 1440 minutes (24 hours)"
GPRefreshRateOffset="Minutes:"
GPTransferRate_Help="Defines a slow connection for purposes of applying and updating Group Policy.\n\nIf the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this policy, the system considers the connection to be slow.\n\nThe system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing policies in this folder let you override the programs' specified responses to slow links.\n\nTo use this policy, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200 (0xFFFFFFA0), indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.\n\nIf you disable this policy or do not configure it, the system uses the default value of 500 kilobits per second.\n\nThis policy \
appears in the Computer Configuration and User Configuration folders. The policy in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The policy in User Configuration defines a slow link for policies in the User Configuration folder.\n\nAlso, see the "Automatically detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\Logon."
GPTransferRate="Group Policy slow link detection"
GreyMSIAds="Gray unavailable Windows Installer programs Start Menu shortcuts"
GreyMSIAds_Help="Displays Start menu shortcuts to partially installed programs in gray text.\n\nThis policy makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.\n\nPartially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use.\n\nIf you disable this policy or do not configure it, all Start menu shortcuts appear as black text.\n\nNote: Enabling this policy can make the Start menu slow to open."
GroupPolicyRefreshRate_Help="Specifies how often Group Policy for computers is updated while the computer is in use (in the background). This policy specifies a background update rate only for Group Policies in the Computer Configuration folder.\n\nIn addition to background updates, Group Policy for the computer is always updated when the system starts.\n\nBy default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.\n\nYou can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this policy, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Disable background refresh of Group Policy" policy.\n\nThe Group Policy refresh interval for computers policy also lets you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly.\n\nThis policy establishes the update rate for computer Group Policy. To set an update rate for user policies, use the "Group Policy refresh interval for users" policy (located in User Configuration\Administrative Templates\System\Group Policy).\n\nThis policy is only used when the "Disable background refresh of Group Policy" policy is not enabled.\n\nNote: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere with tasks in progress."
GroupPolicyRefreshRate="Group Policy refresh interval for computers"
GroupPolicyRefreshRateDC_Help="Specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this policy occur in addition to updates performed when the system starts.\n\nBy default, Group Policy on the domain controllers is updated every five minutes.\n\nYou can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this policy, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Disable background refresh of Group Policy" policy.\n\nThis policy also lets you specify how much the actual update interval varies. To prevent domain controllers with the same update interval from requesting updates simultaneously, the system varies the update interval for each controller by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that update requests overlap. However, updates might be delayed significantly.\n\nNote: This policy is used only when you are establishing policy for a domain, site, organizational unit (OU), or customized group. If you are establishing policy for a local computer only, the system ignores this policy."
GroupPolicyRefreshRateDC="Group Policy refresh interval for domain controllers"
GroupPolicyRefreshRateUser_Help="Specifies how often Group Policy for users is updated while the computer is in use (in the background). This policy specifies a background update rate only for the Group Policies in the User Configuration folder.\n\nIn addition to background updates, Group Policy for users is always updated when they log on.\n\nBy default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.\n\nYou can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.\n\nIf you disable this policy, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Disable background refresh of Group Policy" policy.\n\nThis policy also lets you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly.\n\nImportant: If the "Disable background refresh of Group Policy" policy is enabled, this policy is ignored.\n\nNote: This policy establishes the update rate for user Group Policies. To set an update rate for computer Group Policies, use the "Group Policy refresh interval for computers" policy (located in Computer Configuration\Administrative Templates\System\Group Policy).\n\nTip: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs a user can run, might interfere with tasks in progress."
GroupPolicyRefreshRateUser="Group Policy refresh interval for users"
ImmortalPrintQueue_Help="Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer.\n\nBy default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects.\n\nIf you enable this policy or do not configure it, the domain controller prunes this computer's printers when the computer does not respond.\n\nIf you disable this policy, the domain controller does not prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network.\n\nNote: You can use the "Directory Pruning Interval" and "Directory Pruning Retry" policies to adjust the contact interval and number of contact attempts."
ImmortalPrintQueue_Tip1="Enable or disable this setting to control whether published "
ImmortalPrintQueue_Tip2="printers may be pruned. This policy applies to all printers published"
ImmortalPrintQueue_Tip3="by this computer. The default behavior is to allow pruning"
ImmortalPrintQueue_Tip4="of published printers."
ImmortalPrintQueue="Allow pruning of published printers"
IncludeRegInProQuota="Include registry in file list"
Intellimenus_Help="Disables personalized menus.\n\nWindows 2000 personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.\n\nIf you enable this policy, the system does not personalize menus. All menu items appear and remain in standard order. Also, this policy removes the "Use Personalized Menus" option so users do not try to change the setting while a policy is in effect.\n\nNote: Personalized menus require user tracking. If you enable the "Disable user tracking" policy, the system disables user tracking and personalized menus, and ignores this policy.\n\nTip: To disable personalized menus without setting a policy, click Start, click Settings, click Taskbar & Start Menu, and, on the General tab, clear the "Use Personalized Menus" option."
Intellimenus="Disable personalized menus"
IntranetPrintersUrl_Help="Adds a link to an Internet or intranet Web page to the Add Printer wizard.\n\nYou can use this policy to direct users to a Web page from which they can install printers.\n\nIf you enable this policy and type an Internet or intranet address in the text box, the system adds a Browse button to the "Locate Your Printer" page in the Add Printer wizard. The Browse button appears beside the "Connect to a printer on the Internet or your intranet" option. When users click Browse, the system opens an Internet browser and navigates to the specified URL address to display the available printers.\n\nThis policy makes it easy for users to find the printers you want them to add.\n\nAlso, see the "Custom support URL in the Printers folder's left pane" and "Web-based printing" policies in Computer Configuration\Administrative Templates\Printers."
IntranetPrintersUrl_Link="Printers Page URL"
IntranetPrintersUrl_Tip1="Enable this option to add a browse button for Internet printers "
IntranetPrintersUrl_Tip2="in the Add Printer wizard. Use this policy to allow users browsing "
IntranetPrintersUrl_Tip3="the company's Intranet for printers. For example you can "
IntranetPrintersUrl_Tip4="specify a url like: http://www.company.com/printers. "
IntranetPrintersUrl_Tip5="To enable this option the edit box below should not be empty."
IntranetPrintersUrl="Browse a common web site to find printers"
Lbl_AlwaysPinSubFoldersHelp1="Ensures all subfolders are available offline when a folder is made"
Lbl_AlwaysPinSubFoldersHelp2="available for offline use."
Lbl_AssignedOfflineFilesHelp1="Specify network files and folders that are always available offline."
Lbl_AssignedOfflineFilesHelp2="In the name field, type a fully-qualified UNC path for each file or folder. "
Lbl_AssignedOfflineFilesHelp3="Do not enter a value for the item."
Lbl_AssignedOfflineFilesList="Files and Folders: "
Lbl_CustomGoOfflineActionsHelp1="Specify non-default actions for servers that become unavailable."
Lbl_CustomGoOfflineActionsHelp2="Enter a server name paired with an action value listed below."
Lbl_CustomGoOfflineActionsHelp3="Values:"
Lbl_CustomGoOfflineActionsHelp4="0 = Work offline. Server's files are available to local computer"
Lbl_CustomGoOfflineActionsHelp5="1 = Never go offline. Server's files are unavailable to local computer"
Lbl_NoRemindersHelp1="Prevents reminder balloons from displaying above the Offline Files"
Lbl_NoRemindersHelp2="icon in the system tray notification area."
Lbl_PurgeAtLogoffHelp1="Causes the local copy of any offline file accessed by the user"
Lbl_PurgeAtLogoffHelp2="to be deleted when the user logs off of the computer."
Lbl_QuickSync="Quick"
Lbl_ReminderFreqHelp1="Number of minutes between reminder balloons"
Lbl_ReminderFreqSpin="Minutes: "
Lbl_ReminderInitTimeoutHelp1="Sets the lifetime of the initial notification balloon displayed"
Lbl_ReminderInitTimeoutHelp2="when an Offline Files event occurs."
Lbl_ReminderInitTimeoutSpin="Seconds: "
Lbl_ReminderTimeoutHelp1="Sets the lifetime of the balloon displayed periodically reminding"
Lbl_ReminderTimeoutHelp2="users of the current condition of Offline Files."
Lbl_ReminderTimeoutSpin="Seconds: "
Lbl_SyncAtLogoffHelp1="Controls the level of synchronization performed at logoff."
Lbl_SyncAtLogoffHelp2="Synchronizes partially cached files so that they are"
Lbl_SyncAtLogoffHelp3="complete and updates all files marked for offline use."
Lbl_SyncAtLogoffHelp4="Otherwise, partially cached files are synchronized so that they"
Lbl_SyncAtLogoffHelp5="are complete, but does not update files."
Lbl_WorkOffline="Work offline"
LimitSize_Help="Sets the maximum size of each roaming user profile and determines the system's response when a roaming user profile reaches the maximum size.\n\nIf you disable this policy or do not configure it, the system does not limit the size of roaming user profiles.\n\nIf you enable this policy, you can do the following:\n\n-- Set a maximum permitted roaming profile size;\n\n-- Determine whether the registry files are included in the calculation of the profile size;\n\n-- Determine whether users are notified when the profile exceeds the permitted maximum size;\n\n-- Specify a customized message notifying users of the oversized profile;\n\n-- Determine how often the customized message is displayed."
LimitSize="Limit profile size"
LinkResolveIgnoreLinkInfo_Help="Determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.\n\nShortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server.\n\nIf you enable this policy, Windows only searches the current target path. It does not search for the original path even when it cannot find the target file in the current target path."
LinkResolveIgnoreLinkInfo="Do not track Shell shortcuts during roaming"
LoadBalance="Load balancing"
Login_Policies="Logon"
LogOnLogOff="Logon/Logoff"
MaxGPOScriptWait="Seconds:"
MaxGPOScriptWaitPolicy_Help="Determines how long the system waits for scripts applied by Group Policy to run.\n\nThis policy limits the total time allowed for all logon, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event.\n\nBy default, the system lets the combined set of scripts run for up to 600 seconds (10 minutes), but you can use this policy to adjust this interval.\n\nTo use this policy, in the Seconds box, type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0.\n\nThis interval is particularly important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" policy to direct the system to wait for the logon scripts to complete before loading the desktop.\n\nAn excessively long interval can delay the system and inconvenience users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely."
MaxGPOScriptWaitPolicy="Maximum wait time for Group Policy scripts"
MaxRecentDocs_Help="Determines how many shortcuts the system can display in the Documents menu on the Start menu.\n\nThe Documents menu contains shortcuts to the non-program files the user has most recently opened. By default, the system displays shortcuts to the 15 most recently opened documents."
MaxRecentDocs="Maximum number of recent documents"
MemCheckBoxInRunDlg_Help="Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.\n\nAll DOS and 16-bit programs run on Windows 2000 in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously.\n\nEnabling this policy adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box."
MemCheckBoxInRunDlg="Add "Run in Separate Memory Space" check box to Run dialog box"
MMC_ActiveDirDom&Trusts="Active Directory Domains and Trusts"
MMC_ActiveDirSites&Services="Active Directory Sites and Services"
MMC_ActiveDirUsers&Comp="Active Directory Users and Computers"
MMC_GroupPolicyTab="Group Policy Tab for Active Directory Tools"
MMC_IAS="Internet Authentication Service (IAS)"
MMC_IASLogging="IAS Logging"
MMC_IEMaintenance="Internet Explorer Maintenance"
MMC_IGMPRouting="IGMP Routing"
MMC_IIS="Internet Information Services"
MMC_IndexingService="Indexing Service"
MMC_IPRouting="IP Routing"
MMC_IPSecurity="IP Security"
MMC_IPXRIPRouting="IPX RIP Routing"
MMC_IPXRouting="IPX Routing"
MMC_IPXSAPRouting="IPX SAP Routing"
MMC_LocalUsers&Groups="Local Users and Groups"
MMC_Logical&MappedDrives="Logical and Mapped Drives"
MMC_OSPFRouting="OSPF Routing"
MMC_PerfLogs&Alerts="Performance Logs and Alerts"
MMC_PublicKey="Public Key Policies"
MMC_QoSAdmission="QoS Admission Control"
MMC_R&RA="Routing and Remote Access"
MMC_RAS_DialinUser="RAS Dialin - User Node"
MMC_RemoteAccess="Remote Access"
MMC_RemStore="Removable Storage"
MMC_Restrict_Author="Restrict the user from entering author mode"
MMC_restrict_Author_Explain="Prevents users from entering author mode.\n\nThis policy prevents users from opening the MMC in author mode, from explicitly opening console files in author mode, and from opening any console files that open in author mode by default.\n\nAs a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.\n\nThis policy permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server. However, users cannot open a blank MMC console window, on the Start menu. (To open the MMC, click Start, click Run, and type MMC.) Users also cannot open a blank MMC console window from a command prompt.\n\nIf you disable this policy or do not configure it, users can enter author mode and open author-mode console files."
MMC_Restrict_Explain="Permits or prohibits use of this snap-in.\n\nIf you enable this policy, the snap-in is permitted. If you disable the policy, the snap-in is prohibited.\n\nIf this policy is not configured, then the setting of the "Restrict users to the explicitly permitted list of snap-ins" policy determines whether this snap-in is permitted or prohibited.\n\n-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted.\n\n To explicitly permit use of this snap-in, enable this policy. If this policy is not configured (or disabled), this snap-in is prohibited.\n\n-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited.\n\n To explicitly prohibit use of this snap-in, disable this policy. If this policy is not configured (or enabled), the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in \
the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear."
MMC_Restrict_To_Permitted_Snapins="Restrict users to the explicitly permitted list of snap-ins"
MMC_restrict_To_Permitted_Snapins_Explain="Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.\n\n-- If you enable this policy, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.\n\n To explicitly permit a snap-in, open the Restricted/Permitted snap-ins policy folder and then enable the policies representing the snap-in you want to permit. If a snap-in policy in the folder is disabled or not configured, the snap-in is prohibited.\n\n-- If you disable this policy or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins.\n\n To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins policy folder and then disable the policies representing the snap-ins you want to prohibit. If a snap-in policy in the folder is enabled or not configured, the snap-in is permitted.\n\nWhen a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear.\n\nNote: If you enable this policy, and do not enable any policies in the Restricted/Permitted snap-ins folder, users cannot use any MMC snap-ins."
MSILogging_Help="Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume.\n\nWhen you enable this policy, you can specify the types of events you want Windows Installer to record. To indicate that an event type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event types as you desire.\n\nTo disable logging, delete all of the letters from the box.\n\nIf you disable this policy or do not configure it, Windows Installer logs the default event types, represented by the letters "iweap.""
MSILogging="Logging"
MSILoggingT1="To activate logging, enter one or more of the modes below."
MSILoggingT10="m - Out-of-memory"
MSILoggingT11="p - Terminal properties"
MSILoggingT12="v - Verbose output"
MSILoggingT13="o - Out of disk space messages"
MSILoggingT2=""iwearucmpvo" will log everything but adds time to the install."
MSILoggingT3="i - Status messages"
MSILoggingT4="w - Non-fatal warnings"
MSILoggingT5="e - All error messages"
MSILoggingT6="a - Start up of actions"
MSILoggingT7="r - Action-specific records"
MSILoggingT8="u - User requests"
MSILoggingT9="c - Initial UI parameters"
Network="Network"
NetworkConnections="Network and Dial-up Connections"
NewGPOLinksDisabled="Create new Group Policy Object links disabled by default"
NewGPOLinksDisabled_Help="Creates new Group Policy object links in the disabled state.\n\nThis policy creates all new Group Policy object links in the disabled state by default. After you configure and test the new object links, either by using Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system.\n\nIf you disable this policy or do not configure it, new Group Policy object links are created in the enabled state. If you don't want them to be effective until they are configured and tested, you must disable the object link."
NC_AddRemoveComponents_Help="Determines whether administrators can add and remove network components. This policy has no effect on non-administrators.\n\nIf you enable this policy, the Install and Uninstall buttons for components of connections are disabled and users are not permitted access to network components in the Windows Components wizard.\n\nIf you disable this policy, the Install and Uninstall buttons for components of connections in Network and Dial-up Connections are enabled. Also, users can gain access to network components in the Windows Components wizard.\n\nThe Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the button).\n\nThe Install and Uninstall buttons appear when users right-click a connection and click Properties. These buttons are on the General tab for LAN connections and on the Networking tab for dial-up connections.\n\nThe Windows Components wizard permits users to add and remove components. To use the wizard, double-click Add/Remove Programs in Control Panel. To go directly to the network components in the Windows Components wizard, click the Advanced menu in Network and Dial-up Connections, and then click "Optional Networking Components."\n\nNote: Non-administrators are already prohibited from adding or removing components for a LAN or RAS connection regardless of this policy."
NC_AddRemoveComponents="Prohibit adding and removing components for a LAN or RAS connection"
NC_AdvancedSettings_Help="Determines whether the Advanced Settings item on the Advanced menu in Network and Dial-up Connections is enabled for administrators.\n\nThe Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.\n\nIf you enable this policy, the Advanced Settings item is disabled.\n\nIf you disable this policy, the Advanced Settings item is enabled.\n\nNote: Non-administrators are already prohibited from accessing the Advanced Settings dialog box regardless of policies."
NC_AdvancedSettings="Prohibit access to the Advanced Settings item on the Advanced menu"
NC_AllowAdvancedTCPIPConfig_Help="Determines whether users can use Network and Dial-up Connections to configure TCP/IP, DNS, and WINS settings.\n\nIf you enable this policy, the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled. As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.\n\nIf you disable this policy, the Advanced button is enabled and the users can open the Advanced TCP/IP Setting dialog box.\n\nNote: This policy is superceded by policies that prohibit access to properties of connections or connection components. When these polices are enabled users cannot gain access to the Advanced button.\n\nTip: To open the Advanced TCP/IP Setting dialog box, in Network and Dial-up Connections, right-click a connection icon, and click Properties. For RAS connections select the Networking tab. In the "Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button.\n\nNote: Changing this policy from Enabled to Not Configured does not enable the Advanced button until the user logs off."
NC_ChangeBindState_Help="Determines whether administrators can enable and disable the components used by local area connections.\n\nEnabling this policy removes the check boxes for enabling and disabling components. As a result, administrators cannot enable or disable the components that a connection uses.\n\nIf you disable this policy, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component.\n\nNote: Non-administrators are already prohibited from enabling or disabling components for a LAN connection regardless of this policy.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to enable/disable connection components."
NC_ChangeBindState="Prohibit enabling/disabling components of a LAN connection"
NC_DialupPrefs_Help="Determines whether the "Dial-up Preferences" item on the Advanced menu in Network and Dial-up Connections is enabled.\n\nThe Dial-up Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.\n\nIf you enable this policy, the Dial-up Preferences item is disabled.\n\nIf you disable this policy, the Dial-up Preferences item is enabled."
NC_DialupPrefs="Prohibit access to the Dial-up Preferences item on the Advanced menu"
NC_DeleteAllUserConnection="Prohibit deletion of RAS connections available to all users"
NC_DeleteAllUserConnection_Help="Prohibits users from deleting shared dial-up (RAS) connections. Shared connections are available to all users of the computer.\n\nShared connections are those that are available to all users. To create a shared dial-up (RAS) connection, on the Connection Availability page in the Network Connections wizard, click the "For all users" option.\n\nIf you enable this policy or do not configure it, only administrators can delete shared RAS connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of RAS connections" policy.)\n\nIf you disable this policy, users can delete shared RAS connections. Additionally, if your file system is NTFS users need to have write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared RAS Connection.\n\nImportant: When enabled, the "Prohibit deletion of RAS connections" policy takes precedence over this policy. Users (including administrators) cannot delete any RAS connections and this policy is ignored.\n\nNote: LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You cannot use Network and Dial-up Connections to create or delete a local area connection.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to bypass this policy.
NC_DeleteConnection_Help="Determines whether users can delete their private dial-up (RAS) connections.\n\nPrivate connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the Network Connections wizard, click the "Only for myself" option.\n\nIf you enable this policy, users (including administrators) cannot delete any RAS connections. This setting also disables the "Delete" option on the context menu for a RAS connection and on the File menu in Network and Dial-up Connections.\n\nIf you disable this policy or do not configure it, users can delete their private RAS connections. Private connections are those that are available only to one user. (By default, only administrators can delete connections available to all users, but you can change the default by using the "Prohibit deletion of RAS connections available to all users" policy.)\n\nImportant: When enabled, this policy takes precedence over the "Prohibit deletion of RAS connections available to all users" policy. Users cannot delete any RAS connections and the "Prohibit deletion of RAS connections available to all users" policy is ignored.\n\nNote: LAN connections are created and deleted \
automatically when a LAN adapter is installed or removed. You cannot use Network and Dial-up Connections to create or delete a local area connection.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to bypass this policy."
NC_DeleteConnection="Prohibit deletion of RAS connections"
NC_LanChangeProperties_Help="Determines whether administrators can change the properties of components used by a local area connection.\n\nThis policy determines whether the Properties button for components of a local area connection is enabled.\n\nIf you enable this policy, the Properties button is disabled.\n\nIf you disable this policy or do not configure it, the Properties button is enabled.\n\nThe Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.\n\nNote: Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.\n\nNote: Non-administrators are already prohibited from accessing properties of components for a LAN connection regardless of this policy."
NC_LanChangeProperties="Prohibit access to properties of components of a LAN connection"
NC_LanConnect_Help="Determines whether users can Enable/Disable local area connections.\n\nIf you enable this policy, then double-clicking the icon has no effect, and the Enable and Disable menu items are disabled.\n\nIf you disable this policy, the Enable and Disable options for local area connections are available to users in the group. Users can Enable/Disable a local area connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.\n\nNote: Administrators can still Enable/Disable local area connections from Device Manager."
NC_LanConnect="Prohibit enabling/disabling a LAN connection"
NC_LanProperties_Help="Determines whether administrators can view and change the properties of a local area connection.\n\nThis policy determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to administrators.\n\nIf you enable this policy, the Properties menu items are disabled, and administrators cannot open the Local Area Connection Properties dialog box.\n\nIf you disable this policy, a Properties menu item appears when administrators right-click the icon representing a local area connection. Also, when administrators select the connection, Properties is enabled on the File menu.\n\nNote: This policy supersedes policies that remove or disable parts of the Local Area Connection Properties dialog box, such as those that hide tabs, remove the check boxes for enabling or disabling components, or disable Properties button for components that a connection uses. If you enable this policy, then the policies that disable parts of the Local Area Connection Properties dialog box are ignored.\n\nNote: Non-administrators are already denied access to properties regardless of policies."
NC_LanProperties="Prohibit access to properties of a LAN connection"
NC_NewConnectionWizard_Help="Determines whether users can use the Network Connection wizard, which creates new network connections.\n\nIf you enable this policy, the Make New Connection icon does not appear in the Start Menu on in the Network and Dial-up Connections folder. As a result, users cannot start the Network Connection wizard.\n\nIf you disable this policy, the Make New Connection icon appears in the start menu and in the Network and Dial-up Connections folder. Clicking Make New Connection starts the Network Connection wizard.\n\nNote: Changing this policy from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to bypass this policy."
NC_NewConnectionWizard="Prohibit access to the Network Connection wizard"
NC_RasAllUserProperties_Help="Determines whether a user can view and change the properties of dial-up connections that are available to all users of the computer.\n\nShared connections are those that are available to all users. To create a shared dial-up (RAS) connection, on the Connection Availability page in the Network Connections wizard, click the "For all users" option.\n\nThis policy determines whether the Properties menu item is enabled, and thus, whether the Dial-up Connection Properties dialog box is available to users.\n\nIf you enable this policy, the Properties menu items are disabled, and users cannot open the Dial-up Connection Properties dialog box.\n\nIf you disable this policy, a Properties menu item appears when users right-click the icon for a dial-up connection. Also, when users select the connection, Properties appears on the File menu.\n\nNote: This policy supersedes policies that remove or disable parts of the Dial-up Connection Properties dialog box, such as those that hide tabs, remove the check boxes for enabling or disabling components, or disable the Properties button for components that a connection uses. If you enable this policy, it overrides these subsidiary policies.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to bypass this policy."
NC_RasAllUserProperties="Prohibit access to properties of RAS connections available to all users"
NC_RasChangeProperties_Help="Determines whether users can view and change the properties of components used by a dial-up connection.\n\nThis policy determines whether the Properties button for components used by a RAS connection is enabled.\n\nIf you enable this policy, the Properties button is disabled.\n\nIf you disable this policy, the Properties button is enabled.\n\nThe Networking tab of the Dial-up Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.\n\nNote: Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to bypass this policy."
NC_RasChangeProperties="Prohibit access to properties of components of a RAS connection"
NC_RasConnect_Help="Determines whether users can connect and disconnect dial-up connections.\n\nIf you enable this policy, then double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled.\n\nIf you disable this policy, the Connect and Disconnect options for dial-up connections are available to all users. Users can connect or disconnect a dial-up connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.\n\nNote: Users can still connect and disconnect from the Status page for a connection. To prevent users from displaying the Status page, enable the "Prohibit viewing of status statistics for an active connection" policy."
NC_RasConnect="Prohibit connecting and disconnecting a RAS connection"
NC_RasMyProperties_Help="Determines whether users can view and change the properties of their private dial-up (RAS) connections.\n\nPrivate connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the Network Connections wizard, click the "Only for myself" option.\n\nThis policy determines whether the Properties menu item is enabled, and thus, whether the Dial-up Connection Properties dialog box is available to users.\n\nIf you enable this policy, the Properties menu items are disabled, and users cannot open the Dial-up Connection Properties dialog box.\n\nIf you disable this policy, a Properties menu item appears when users right-click the icon representing a dial-up connection. Also, when users select the connection, Properties appears on the File menu.\n\nNote: This policy supersedes policies that remove or disable parts of the Dial-up Connection Properties dialog box, such as those that hide tabs, remove the check boxes for enabling or disabling components, or disable the Properties button for components that a connection uses. If you enable this policy, it overrides these subsidiary policies.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to bypass this policy."
NC_RasMyProperties="Prohibit access to current user's RAS connection properties"
NC_RenameConnection_Help="Determines whether users can rename dial-up (RAS) and local area connections.\n\nPrivate RAS connections can be renamed regardless of this setting.\n\nIf you enable this policy, the Rename option is disabled.\n\nIf you disable this policy, the Rename option is enabled. Users can rename connections by clicking the icon representing a connection or by using the File menu.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to rename RAS connections. "
NC_RenameConnection="Prohibit renaming LAN connections or RAS connections available to all users"
NC_RenameMyRasConnection_Help="Determines whether users can rename their private dial-up (RAS) connections.\n\nPrivate connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the Network Connections wizard, click the "Only for myself" option.\n\nIf you enable this policy, the Rename option is disabled.\n\nIf you disable this policy, the Rename option is enabled for users’ private dial-up connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.\n\nNote: This policy does not prevent users from using other programs such Internet Explorer to bypass this policy."
NC_RenameMyRasConnection="Prohibit renaming of RAS connections belonging to the current user"
NC_ShowSharedAccessUI_Help="Determines whether administrators can enable, disable, and configure the Connection Sharing feature of LAN or RAS connections.\n\nIf you enable this policy, the system removes the Sharing tab from the Properties dialog box for a LAN or RAS connection. On Windows 2000 Server, it also removes the Internet Connection Sharing page from the Network Connection wizard.\n\nIf you disable this policy, the Sharing tab and Internet Connection Sharing wizard page are displayed.\n\nConnection Sharing lets users configure their system as an Internet gateway for a small network. It provides network services, such as name resolution, to the network.\n\nBy default, Connection Sharing is disabled when you create a dial-up connection, but administrators can use the Sharing tab and Internet Connection Sharing wizard page to enable it.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nNote: LAN Connection Sharing is only available when two or more network interfaces are present.\n\nNote: Non-administrators are already prohibited from configuring Connection Sharing regardless of this policy."
NC_ShowSharedAccessUI="Prohibit configuration of connection sharing"
NC_Statistics_Help="Determines whether users can view the Status page for an active connection.\n\nThe Status page displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection.\n\nIf you enable this policy, the Status option is disabled, and the Status page doesn’t appear.\n\nIf you disable this policy, the Status page appears when users double-click an active connection. Also, an option to display the Status page appears on a menu when users right-click the icon for an active connection, and the option appears on the File menu when users select an active connection.\n\nNote: Even when this policy is enabled, some connection statistics can be viewed by hovering with the mouse pointer over the connection icon (in the system tray)."
NC_Statistics="Prohibit viewing of status statistics for an active connection"
NoActiveDesktop_Help="Disables Active Desktop and prevents users from enabling it.\n\nThis policy also removes the Active Desktop item from the context menu that appears when you right-click the desktop; it removes the Web tab from Display in Control Panel; and it disables the "Enable Web content on my desktop" item on the General tab of the Folder Options dialog box. This prevents users from trying to enable or disable Active Desktop while a policy controls it. If you disable this policy or do not configure it, Active Desktop is disabled by default, but users can enable it.\n\nNote: If both the "Enable Active Desktop" policy and the "Disable Active Desktop" policy are enabled, the "Disable Active Desktop" policy is ignored. If the "Enable Classic Shell" policy (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, then Active Desktop is disabled and both of these policies are ignored.\n\nTip: To disable Active Desktop without setting a policy, right-click the \
desktop, point to "Active Desktop" and then turn off "Show Web Content."\n\nAlso, see the "Remove the Folder Options menu item from the Tools menu" policy in User Configuration\Administrative Templates\Windows Components\Windows Explorer."
NoActiveDesktop_Tip="Disallows HTML and Jpg Wallpaper"
NoActiveDesktop="Disable Active Desktop"
NoActiveDesktopChanges_Help="Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.\n\nThis is a comprehensive policy that locks down the configuration you establish by using other policies in this folder.\n\nThis policy removes the Web tab from Display in Control Panel and removes the Active Desktop item from menu that appears when you right-click the desktop. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components."
NoActiveDesktopChanges="Prohibit changes"
NoAddFromCDorFloppy_Help="Removes the Add a program from CD-ROM or floppy disk section from the Add New Programs page. This prevents users from using Add/Remove Programs to install programs from removable media.\n\nIf you disable this policy or do not configure it, the Add a program from CD-ROM or floppy disk option is available to all users.\n\nThis policy does not prevent users from using other tools and methods to add or remove program components.\n\nNote: If the "Hide Add New Programs page" policy is enabled, this policy is \
ignored. Also, if the "Disable media source for any install" policy (located in Computer Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of the setting of this policy."
NoAddFromCDorFloppy="Hide the "Add a program from CD-ROM or floppy disk" option"
NoAddFromInternet_Help="Removes the Add programs from Microsoft section from the Add New Programs page. This policy prevents users from using Add/Remove Programs to connect to Windows Update.\n\nIf you disable this policy or do not configure it, Add programs from Microsoft is available to all users.\n\nThis policy does not prevent users from using other tools and methods to connect to Windows Update.\n\nNote: If the "Hide Add New Programs page" policy is enabled, this policy is ignored."
NoAddFromInternet="Hide the "Add programs from Microsoft" option"
NoAddFromNetwork_Help="Prevents users from viewing or installing published programs.\n\nThis policy removes the Add programs from your network section from the Add New Programs page. The Add programs from your network section lists published programs and provides an easy way to install them.\n\nPublished programs are those that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.\n\nIf you enable this policy, users cannot tell which programs have been published by the system administrator, and they cannot use Add/Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.\n\nIf you disable this policy or do not configure it, Add programs from your network is available to all users.\n\nNote: If the "Hide Add New Programs page" policy is enabled, this policy is ignored."
NoAddFromNetwork="Hide the "Add programs from your network" option"
NoAddingComponents_Help="Prevents users from adding Web content to their Active Desktop.\n\nThis policy removes the "New" button from Web tab in Display in Control Panel. It also removes the "New Desktop Item" command from the Active Desktop menu. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop.\n\nThis policy does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.\n\nAlso, see the "Disable all items" policy."
NoAddPage_Help="Removes the Add New Programs button from the Add/Remove Programs bar. As a result, users cannot view or change the attached page.\n\nThe Add New Programs button lets users install programs published or assigned by a system administrator.\n\nIf you disable this policy or do not configure it, the Add New Programs button is available to all users.\n\nThis policy does not prevent users from using other tools and methods to install programs."
NoAddPage="Hide Add New Programs page"
NoAddPrinter_Help="Prevents users from using familiar methods to add local and network printers.\n\nThis policy removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This policy also removes Add Printer from the Printers folder in Control Panel.\n\nAlso, users cannot add printers by dragging a printer icon into the Printers folder. If they try, a message appears explaining that the a policy prevents the action.\n\nHowever, this policy does not prevent users from using the Add Hardware wizard to add a printer. Nor does it prevent users from running other programs to add printers.\n\nThis policy does not delete printers that users have already added. However, if users have not added a printer when this policy is applied, they can’t print.\n\nNote: You can use printer permissions to restrict the use of printers without setting a policy. In the Printers folder, right-click a printer, click Properties, and then click the Security tab."
NoAddPrinter="Disable addition of printers"
NoAddRemovePrograms_Help="Prevents users from using Add/Remove Programs.\n\nThis policy removes Add/Remove Programs from Control Panel and removes the Add/Remove Programs item from menus.\n\nAdd/Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 and a wide variety of Windows programs. Programs published or assigned to the user appear in Add/Remove Programs.\n\nIf you disable this policy or do not configure it, Add/Remove Programs is available to all users.\n\nWhen enabled, this policy takes precedence over the other policies in this folder.\n\nThis policy does not prevent users from using other tools and methods to install or uninstall programs."
NoAddRemovePrograms="Disable Add/Remove Programs"
NoBackButton_Help="Removes the Back button from the Open dialog box.\n\nThis policy, and others in this folder, lets you remove new features added in Windows 2000, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.\n\nTo see an example of the standard Open dialog box, run Notepad and, from the File menu, click Open."
NoBackButton="Hide the common dialog back button"
NoBalloonTip_Help="Hides popup text on the Start menu.\n\nWhen you hold the cursor over an item on the Start menu, the system displays popup text providing information about the item, such as the path to a file, the URL for a Web shortcut, or a brief description of program.\n\nIf you enable this policy, this popup text does not appear on the Start menu."
NoBalloonTip="Disable Balloon Tips on Start Menu items"
NoChangeAnimation_Help="Prevents users from selecting the option to animate the movement of windows, menus, and lists.\n\nIf you enable this policy, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled.\n\nEffects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to some users."
NoChangeAnimation="Disable UI to change menu animation setting"
NoChangeKeyboardNavigationIndicators_Help="Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel.\n\nWhen this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.\n\nEffects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users."
NoChangeKeyboardNavigationIndicators="Disable UI to change keyboard navigation indicator setting"
NoChangeStartMenu_Help="Prevents users from using the drag-and-drop method to reorder or remove items on the Start menu. Also, it removes context menus from the Start menu.\n\nIf you disable this policy or do not configure it, users can remove or reorder Start menu items by dragging and dropping the item. They can display context menus by right-clicking a Start menu item.\n\nThis policy does not prevent users from using other methods of customizing the Start menu or performing the tasks available from the context menus.\n\nAlso, see the "Disable changes to Taskbar and Start Menu Settings" and the "Disable context menu for taskbar" policies."
NoChangeStartMenu="Disable drag-and-drop context menus on the Start Menu"
NoChangingWallPaper_Help="Prevents users from adding or changing the background design of the desktop.\n\nBy default, users can use the Background tab of Display in Control Panel to add a background design (wallpaper) to their desktop. If you enable this policy, the Background tab still appears, but all options on the tab are disabled.\n\nTo remove the Background tab, use the "Hide Background tab" policy.\n\nTo specify wallpaper for a group use the "Active Desktop Wallpaper" policy.\n\nAlso, see the "Allow only bitmapped wallpaper" policy."
NoClose_Help="Prevents users from shutting down or restarting Windows.\n\nThis policy removes the Shut Down option from the Start menu and disables the Shut Down button on the Windows Security dialog box, which appears when you press CTRL+ALT+DEL.\n\nThis policy prevents users from using the Windows user interface to shut down the system, although it does not prevent them from running programs that shut down Windows.\n\nIf you disable this policy or do not configure it, the Shut Down menu option appears, and the Shut Down button is enabled."
NoClose="Disable and remove the Shut Down command"
NoCloseDragDropBands_Help="Prevents users from manipulating desktop toolbars.\n\nIf you enable this policy, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars onto or off of docked toolbars.\n\nNote: If users have added or removed toolbars, this policy prevents them from restoring the default configuration.\n\nTip: To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start button), and point to "Toolbars."\n\nAlso, see the "Disable adjusting desktop toolbars" policy."
NoClosingComponents_Help="Prevents users from removing Web content from their Active Desktop.\n\nIn Active Desktop, you can add items to the desktop, but close them so they are not displayed. If you enable this policy, items added to the desktop cannot be closed; they always appear on the desktop.\n\nThis policy removes the list of the Active Desktop items from the Active Desktop menu. (To see this list, right-click the desktop and point to Active Desktop. The list appears at the bottom of the menu.) Also, it removes the check boxes from items on the Web tab in Display in Control Panel.\n\nThis policy does not prevent users from deleting items from their Active Desktop."
NoCommonGroups_Help="Removes items in the All Users profile from the Programs menu on the Start menu.\n\nBy default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this policy, only items in the user's profile appear in the Programs menu.\n\nTip: To see the Program menu items in the All Users profile, on the system drive, go to Documents and Settings\All Users (WINNT)\Start Menu\Programs."
NoCommonGroups="Remove common program groups from Start Menu"
NoControlPanel_Help="Disables all Control Panel programs.\n\nThis policy prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items.\n\nThis policy also removes Control Panel from the Start menu. (To open Control Panel, click Start, point to Settings, and then click Control Panel.) This policy also removes the Control Panel folder from Windows Explorer.\n\nIf users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a policy prevents the action.\n\nAlso, see the "Disable Display in Control Panel" and "Disable programs on Settings menu" policies."
NoControlPanel="Disable Control Panel"
NoDeletePrinter_Help="Prevents users from deleting local and network printers.\n\nIf a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a policy prevents the action.\n\nThis policy does not prevent users from running other programs to delete a printer."
NoDeletePrinter="Disable deletion of printers"
NoDeletingComponents_Help="Prevents users from deleting Web content from their Active Desktop.\n\nThis policy removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop.\n\nThis policy does not prevent users from adding Web content to their Active Desktop.\n\nAlso, see the "Prohibit closing components" and "Disable all items" policies."
NoDesktop_Help="Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, My Computer, and My Network Places.\n\nRemoving icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent."
NoDesktop="Hide all icons on Desktop"
NoDFSTab_Help="Removes the DFS tab from Windows Explorer.\n\nThis policy removes the DFS tab from Windows Explorer and from other programs that use the Windows Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the Distributed File System (DFS) shares available from their computer.\n\nThis policy does not prevent users from using other methods to configure DFS."
NoDFSTab="Disable DFS tab"
NoDispAppearancePage_Help="Removes the Appearance tab from Display in Control Panel.\n\nThis policy prevents users from using Control Panel to change the colors or color scheme of the desktop and windows."
NoDisconnectMenu_Help="Removes the Disconnect item from the Shut Down Windows dialog box on Terminal Services clients.\n\nIf you enable this policy, the Disconnect item does not appear in the drop-down list of options in the Shut Down Windows dialog box. As a result, Terminal Services users cannot use this familiar method to disconnect their client from a Terminal Services server.\n\nThis policy affects the Shut Down Windows dialog box only. It does not prevent users from using other methods of disconnecting from a Terminal Services server."
NoDisconnectMenu="Remove Disconnect item from Start menu (Terminal Services only)"
NoDispBackgroundPage_Help="Removes the Background tab from Display in Control Panel.\n\nThis policy prevents users from using Control Panel to change the pattern and wallpaper on the desktop."
NoDispCpl_Help="Disables Display in Control Panel.\n\nIf you enable this policy, Display in Control Panel does not run. When users try to start Display, a message appears explaining that a policy prevents the action.\n\nAlso, see the "Disable Control Panel" and "Disable programs on Settings menu" policies."
NoDispScrSavPage_Help="Removes the Screen Saver tab from Display in Control Panel.\n\nThis policy prevents users from using Control Panel to add, configure, or change the screen saver on the computer."
NoDispSettingsPage_Help="Removes the Settings tab from Display in Control Panel.\n\nThis policy prevents users from using Control Panel to add, configure, or change the display settings on the computer."
NoDrives_Help="Removes the icons representing selected hard drives from My Computer, Windows Explorer, and My Network Places. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.\n\nTo use this policy, select a drive or combination of drives from the drop-down list. To display all drives, disable this policy or select the "Do not restrict drives" option from the drop-down list.\n\nNote: This policy removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window.\n\nAlso, this policy does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.\n\nAlso, see the "Prevent access to drives from My Computer" policy."
NoDrives="Hide these specified drives in My Computer"
NoDrivesDropdown="Pick one of the following combinations"
NoEditingComponents_Help="Prevents users from changing the properties of Web content items on their Active Desktop.\n\nThis policy disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users can change the properties of an item, such as its synchronization schedule, password, or display characteristics."
NoEncryptOnMove="Do not automatically encrypt files moved to encrypted folders"
NoEncryptOnMove_Help="Prevents Windows Explorer from encrypting files that are moved to an encrypted folder.\n\nIf you disable this policy or do not configure it, Windows Explorer automatically encrypts files that are moved to an encrypted folder.\n\nThis policy applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, Windows Explorer encrypts those files automatically."
NoEntireNetwork_Help="Removes all computers outside of the user's workgroup or local domain from lists of network resources in Windows Explorer and My Network Places.\n\nIf you enable this policy, the system removes the Entire Network option and the icons representing networked computers from My Network Places and from the browser associated with the Map Network Drive option.\n\nThis policy does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box.\n\nTo remove computers in the user's workgroup or domain from lists of network resources, use the "No "Computers Near Me" in My Network Places" policy."
NoEntireNetwork="No "Entire Network" in My Network Places"
NoFavoritesMenu_Help="Prevents users from adding the Favorites menu to the Start menu.\n\nThe Favorites menu does not appear on the Start menu by default. To display the Favorites menu, click Start, point to Settings, click Taskbar & Start Menu, click the Start Menu Options tab, and then, under Start Menu Settings, select Display Favorites. If you enable this policy, the Display Favorites item does not appear in the Start Menu Settings box.\n\nThe items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.\n\nThis policy only affects the Start menu. The Favorites item still appears in Windows Explorer and in Internet Explorer."
NoFavoritesMenu="Remove Favorites menu from Start Menu"
NoFileMenu_Help="Removes the File menu from My Computer and Windows Explorer.\n\nThis policy does not prevent users from using other methods to perform tasks available on the File menu."
NoFileMenu="Remove File menu from Windows Explorer"
NoFileMRU_Help="Removes the list of most recently used files from the Open dialog box.\n\nIf you disable this policy or do not configure it, the "File name" field includes a dropdown list of recently used files. If you enable this policy, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box.\n\nThis policy, and others in this folder, lets you remove new features added in Windows 2000, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.\n\nTo see an example of the standard Open dialog box, run Notepad and, from the File menu, click Open."
NoFileMRU="Hide the dropdown list of recent files"
NoFind_Help="Removes the Search item from the Start Menu and disables some Windows Explorer search elements.\n\nThis policy removes the Search item from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F.\n\nIn Windows Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl + F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder.\n\nThis policy affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search.\n\nAlso, see the "Remove Search button from Windows Explorer" policy in User Configuration\Administrative Templates\Windows Components\Windows Explorer."
NoFind="Remove Search menu from Start Menu"
NoFolderOptions_Help="Removes the Folder Options item from all Windows Explorer menus and removes the Folder Options item from Control Panel. As a result, users cannot use the Folder Options dialog box.\n\nThe Folder Options dialog box lets users set many properties of Windows Explorer, such as Active Desktop, Web view, Offline Files, hidden system files, and file types.\n\nAlso, see the "Enable Active Desktop" policy in User Configuration\AdministrativeTemplates\Desktop\Active Desktop and the "Disable user configuration of Offline Files" policy in User Configuration\Administrative Templates\Network\Offline Files."
NoFolderOptions="Removes the Folder Options menu item from the Tools menu"
NoHardwareTab_Help="Removes the Hardware tab.\n\nThis policy removes the Hardware tab from Mouse, Keyboard, and Sounds and Multimedia in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device."
NoHardwareTab="Hide Hardware tab"
NoHelp_Help="Removes the Help command from the Start menu.\n\nThis policy only affects the Start menu. It does not remove the Help menu from Windows Explorer and does not prevent users from running Windows 2000 Help."
NoHelp="Remove Help menu from Start Menu"
NoHtmlWallpaper_Help ="Permits only bitmap images for wallpaper.\n\nThis policy limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, the wallpaper does not load.\n\nThis policy is designed to avoid the Active Desktop prompt. When users select a wallpaper with an alternate image format, the system prompts them to enable Active Desktop. By limiting users to bitmapped files, the prompt is avoided.\n\nAlso, see the "Active Desktop Wallpaper" and the "Disable changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) policies."
NoInstrumentation_Help="Disables user tracking.\n\nThis policy prevents the system from tracking the programs users run, the paths they navigate, and the documents they open. The system uses this information to customize Windows features, such as personalized menus.\n\nIf you enable this policy, the system does not track these user actions. The system disables customized features that require user tracking information, including personalized menus.\n\nAlso, see the "Disable personalized menus" policy."
NoInstrumentation="Disable user tracking"
NoInternetIcon_Help="Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.\n\nThis policy does not prevent the user from starting Internet Explorer by using other methods."
NoInternetIcon="Hide Internet Explorer icon on desktop"
NoLogOff_Help="Prevents the user from logging off of Windows 2000.\n\nThis policy does not let the user log off of the system by using any method, including programs run from the command line, such as scripts. It also disables or removes all menu items and buttons that log the user off of the system.\n\nAlso, see the "Disable Logoff on the Start Menu" policy."
NoLogoff="Disable Logoff"
NoManageMyComputerVerb="Hides the Manage item on the Windows Explorer context menu"
NoManageMyComputerVerb_Help="Removes the Manage item from the Windows Explorer context menu. This context menu appears when you right-click Windows Explorer or My Computer.\n\nThe Manage item opens Computer Management (Compmgmt.msc), a console tool which includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools.\n\nThis policy does not remove the Computer Management item from the Start Menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.\n\nTip: To hide all context menus, use the "Disable Windows Explorer's default context menu" policy."
NoMovingBands_Help="Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.\n\nThis policy does not prevent users from adding or removing toolbars on the desktop.\n\nNote: If users have adjusted their toolbars, this policy prevents them from restoring the default configuration.\n\nAlso see the "Disable adding, dragging, dropping and closing the Taskbar's toolbars" policy."
NoMyDocumentsIcon_Help="Removes most occurrences of the My Documents icon.\n\nThis policy removes the My Documents icon from the desktop, from Windows Explorer, from programs that use the Windows Explorer windows, and from the standard Open dialog box.\n\nThis policy does not prevent the user from using other methods to gain access to the contents of the My Documents folder.\n\nThis policy does not remove the My Documents icon from the Start Menu. To do so, use the "Remove My Documents icon from Start Menu" policy.\n\nNote: To make changes to this policy effective, you must log off of and log back on to Windows 2000."
NoMyDocumentsIcon="Remove My Documents icon from desktop"
NoNetAndDialupConnect_Help="Prevents users from running Network and Dial-up Connections.\n\nThis policy prevents the Network and Dial-up Connections folder from opening. This policy also removes Network and Dial-up Connections from Settings on the Start menu.\n\nNetwork and Dial-up Connections still appears in Control Panel and in Windows Explorer, but if users try to start it, a message appears explaining that a policy prevents the action.\n\nAlso, see the "Disable programs on Settings menu" and "Disable Control Panel" policies and the policies in the Network and Dial-up Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network and Dial-up Connections)."
NoNetAndDialupConnect="Remove Network & Dial-up Connections from Start Menu"
NoNetConnectDisconnect_Help="Prevents users from using Windows Explorer or My Network Places to connect to other computers or to close existing connections.\n\nIf you enable this policy, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in Windows Explorer and My Network Places and from menus that appear when you right-click the Windows Explorer or My Network Places icons. It also removes the Add Network Place option from My Network Places.\n\nThis policy does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box."
NoNetConnectDisconnect="Remove "Map Network Drive" and "Disconnect Network Drive""
NoNetHood_Help="Removes the My Network Places icon from the desktop.\n\nThis policy only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network."
NoNetHood="Hide My Network Places icon on desktop"
NoOptions_Help="Removes the Folder Options item from all Windows Explorer menus and removes the Internet Options item from Internet Explorer. This policy also removes the Folder Options icon from Control Panel.\n\nFolder Options appears on the Tools menu in both Control Panel and Windows Explorer. (To open Folder Options, click My Computer, click My Documents, and then click My Network Places). Folder Options also appears as an item in Control Panel.\n\nThe Folder Options dialog box lets users set many properties of Windows Explorer, such as enabling Active Desktop, setting a single-click option for icons, displaying hidden system files, adding and deleting file types, and saving local copies of network files.\n\nInternet Options appears on the Tools menu in Internet Explorer. The Internet Options dialog box is the primary configuration tool for Internet Explorer. It lets users customize their displays, establish security and content standards, configure LAN and dial-up connections, set advanced browser options, and gain access to Certificate Manager and Microsoft Wallet.\n\nThis policy is more restrictive than the "Remove the Folder Options menu item from the Settings menu" policy, which removes Folder Options, but displays Internet Options."
NoPlacesBar_Help="Removes the shortcut bar from the Open dialog box.\n\nThis policy, and others in this folder, lets you remove new features added in Windows 2000, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.\n\nTo see an example of the standard Open dialog box, run Notepad and, from the File menu, click Open."
NoPlacesBar="Hide the common dialog places bar"
NoRecentDocsHistory_Help="Prevents the system from saving shortcuts to documents the user has most recently opened.\n\nBy default, the system saves a shortcut to each of the non-program files the user most recently opened and displays the shortcuts on the Start menu under Documents. The shortcuts let users easily review and restart recently used documents.\n\nIf you enable this policy, the system does not save shortcuts to the Documents menu.\n\nYou can use this policy, in coordination with the "Remove Documents menu from Start Menu" and "Clear history of recently opened documents on exit" policies in this folder, to customize your policy for managing access to recently opened files.\n\nIf you enable this policy and do not select the "Remove Documents menu from Start Menu" policy, the Documents menu appears on the Start menu, but it is empty.\n\nAlso, see also the "Maximum number of Recent documents” policy located in UserConfiguration\Administrative Templates\Windows Components\Windows Explorer)."
NoRecentDocsHistory="Do not keep history of recently opened documents"
NoRecentDocsMenu_Help="Removes the Documents menu from the Start menu.\n\nThe Documents menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen the documents.\n\nYou can use this policy, in coordination with the "Do not keep history of recently opened documents" and "Clear history of recently opened documents on exit" policies in this folder, to customize your policy for managing access to recently opened files.\n\nAlso, see the Maximum number of Recent documents" policy located in User Configuration\Administrative Templates\Windows Components\Windows Explorer."
NoRecentDocsMenu="Remove Documents menu from Start Menu"
NoRecentDocsNetHood="Do not add shares of recently opened documents to My Network Places"
NoRecentDocsNetHood_Help="Remote shared folders are not added to My Network Places whenever you open a document in the shared folder.\n\nIf you disable this policy or do not configure it, then when you open a document in a remote shared folder, the system adds a connection to the shared folder to My Network Places.\n\nIf you enable this policy, shared folders are not added to My Network Places automatically when you open a document in the shared folder."
NoRemovePage_Help="Removes the Change or Remove Programs button from the Add/Remove Programs bar. As a result, users cannot view or change the attached page.\n\nThe Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.\n\nIf you disable this policy or do not configure it, the Change or Remove Programs page is available to all users.\n\nThis policy does not prevent users from using other tools and methods to delete or uninstall programs."
NoRemovePage="Hide Change or Remove Programs page"
NoResolveSearch_Help="Prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.\n\nBy default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.\n\nIf you enable this policy, the system does not conduct the final drive search. It just displays a message explaining that the file is not found.\n\nNote: This policy only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.\n\nAlso, see the "Do not track Shell shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policies."
NoResolveSearch="Do not use the search-based method when resolving shell shortcuts"
NoResolveTrack_Help="Prevents the system from using NTFS tracking features to resolve a shortcut.\n\nBy default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.\n\nIf you enable this policy, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path.\n\nNote: This policy only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.\n\nAlso, see the "Do not track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policies."
NoResolveTrack="Do not use the tracking-based method when resolving shell shortcuts"
NoRun_Help="Removes the Run command from the Start menu and removes the New Task (Run) command from Task Manager. Also, users with extended keyboards can no longer display the Run dialog box by pressing Application key (the key with the Windows logo) + R.\n\nThis policy affects the specified interface only. It does not prevents users from using other methods to run programs."
NoRun="Remove Run menu from Start Menu"
NoRunAsInstallPrompt_Help="Prevents users from submitting alternate logon credentials to install a program.\n\nThis policy suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This policy allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.\n\nMany programs can be installed only by an administrator. If you enable this policy and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or it might appear to complete successfully, but the installed program might not operate correctly.\n\nIf you disable this policy, or do not configure it, the "Install Program As Other User" dialog box appears whenever users install programs locally on the computer.\n\nBy default, users are not prompted for alternate logon credentials when installing programs from a network share. If enabled, this policy overrides the "Request credentials for network installations" policy."
NoRunasInstallPrompt="Do not request alternate credentials"
NoSaveSettings_Help="Prevents users from saving certain changes to the desktop.\n\nIf you enable this policy, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved."
NoSaveSettings="Don't save settings at exit"
NoSecurityMenu_Help="Removes the Windows Security item from the Settings menu on Terminal Services clients.\n\nIf you enable this policy, the Windows Security item does not appear in Settings menu on the Start menu. As a result, users must type a security attention sequence, such as Ctrl+Alt+End, to open the Windows Security dialog box on a Terminal Services client.\n\nThis policy is designed to prevent inexperienced users from logging on to Terminal Services inadvertently."
NoSecurityMenu="Remove Security option from Start menu (Terminal Services only)"
NoServices_Help="Prevents users from using Add/Remove Programs to configure installed services.\n\nThis policy removes the Set up services section of the Add/Remove Windows Components page. The Set up services section lists system services that have not been configured and offers users easy access to the configuration tools.\n\nIf you disable this policy or do not configure it, Set up services appears only when there are unconfigured system services. If you enable this policy, Set up services never appears.\n\nThis policy does not prevent users from using other methods to configure services.\n\nNote: When Set up services does not appear, clicking the Add/Remove Windows Components button starts the Windows Component wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed.\n\nTo remove Set up services and prevent the Windows Component wizard from starting, enable the "Hide Add/Remove Windows Components page" policy. If the "Hide Add/Remove Windows Components page" policy is enabled, this policy is ignored."
NoServices="Go directly to Components wizard"
NoSetFolders_Help="Prevents Control Panel, Printers, and Network and Dial-up Connections from running.\n\nThis policy removes the Control Panel, Printers, and Network and Dial-up Connection folders from Settings on the Start menu, and from My Computer and Windows Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running.\n\nHowever, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking My Computer to start System.\n\nAlso, see the "Disable Control Panel," "Disable Display in Control Panel," and "Remove Network and Dial-up Connections from Start Menu" policies."
NoSetFolders="Disable programs on Settings menu"
NoSetTaskbar_Help="Removes the Taskbar & Start Menu item from Settings on the Start menu. This policy also prevents the user from opening the Taskbar Properties dialog box.\n\nIf the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a policy prevents the action."
NoSetTaskbar="Disable changes to Taskbar and Start Menu Settings"
NoShellSearchButton="Remove Search button from Windows Explorer"
NoShellSearchButton_Help="Removes the Search button from the Windows Explorer toolbar.\n\nThis policy removes the Search button from the Standard Buttons toolbar that appears in Windows Explorer and other programs that use the Windows Explorer window, such as My Computer and My Network Places.\n\nIt does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.\n\nThis policy does not affect the Search items on the Windows Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy (in User Configuration\Administrative Templates\Start Menu & Taskbar). To hide all context menus, use the "Disable Windows Explorer's default context menu" policy."
NoSMMyDocuments_Help="Removes the My Documents icon from the Start Menu and its submenus.\n\nThis policy only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the My Documents folder.\n\nNote: To make changes to this policy effective, you must log off of and log back on to Windows 2000.\n\nAlso, see the "Remove My Documents icon from desktop" policy."
NoSMMyDocuments="Remove My Documents icon from Start Menu"
NoStartMenuSubFolders_Help="Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.\n\nThis policy is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this policy to hide user-specific folders.\n\nNote that this policy hides all user-specific folders, not just those associated with redirected folders.\n\nIf you enable this policy, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu.\n\nIf you disable this policy or do not configured it, Windows 2000 displays folders on both sections of the Start menu."
NoStartMenuSubFolders="Remove user's folders from the Start Menu"
NoSupportInfo_Help="Removes links to the Support Info dialog box from programs on the Change or Remove Programs page.\n\nPrograms listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.\n\nIf you disable this policy or do not configure it, the Support Info hyperlink appears.\n\nNote: Not all programs provide a support information hyperlink."
NoSupportInfo="Disable Support Information"
NoTrayContextMenu_Help="Hides the menus that appear when you right-click the taskbar and items on the taskbar, such as the Start button, the clock, and the taskbar buttons.\n\nThis policy does not prevent users from using other methods to issue the commands that appear on these menus."
NoTrayContextMenu="Disable context menus for the taskbar"
NoViewContextMenu_Help="Removes shortcut menus from the desktop and Windows Explorer. Shortcut menus appear when you right-click an item.\n\nIf you enable this policy, menus do not appear when you right-click the desktop or when you right-click the items in Windows Explorer. This policy does not prevent users from using other methods to issue commands available on the shortcut menus."
NoViewContextMenu="Disable Windows Explorer's default context menu"
NoViewOnDrive_Help="Prevents users from using My Computer to gain access to the content of selected drives.\n\nIf you enable this policy, users cannot view the contents of the selected drives in My Computer, Windows Explorer, or My Network Places. Also, they cannot use the Run dialog box, the Map Network Drive dialog box, or the Dir command to view the directories on these drives.\n\nTo use this policy, select a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this policy or select the "Do not restrict drives" option from the drop-down list.\n\nNote: The icons representing the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a policy prevents the action.\n\nAlso, this policy does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics.\n\nAlso, see the "Hide these specified drives in My Computer" policy."
NoViewOnDrive="Prevent access to drives from My Computer"
NoWelcomeTips_Help="Supresses the "Getting Started with Windows 2000" welcome screen.\n\nThis policy hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.\n\nUsers can still display the "Getting Started with Windows 2000" welcome screen by selecting it from the Start menu or by typing "Welcome" in the Run dialog box.\n\nThis policy applies only to Windows 2000 Professional. It does not affect the "Configure Your Server on a Windows 2000 Server" screen on Windows 2000 Server.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click "Getting Started." To suppress the welcome screen without setting a policy, clear the "Show this screen at startup" check box on the welcome screen."
NoWelcomeTips="Don't display welcome screen at logon"
NoWindowsSetupPage_Help="Removes the Add/Remove Windows Components button from the Add/Remove Programs bar. As a result, users cannot view or change the associated page.\n\nThe Add/Remove Windows Components button lets users configure installed services and use the Windows Component wizard to add, remove, and configure components of Windows 2000 from the installation files.\n\nIf you disable this policy or do not configure it, the Add/Remove Windows Components button is available to all users.\n\nThis policy does not prevent users from using other tools and methods to configure services or add or remove program components. However, this policy blocks user access to the Windows Component wizard."
NoWindowsSetupPage="Hide Add/Remove Windows Components page"
NoWindowsUpdate_Help="Prevents users from connecting to the Windows Update Web site.\n\nThis policy blocks user access to the Windows Update Web site at http://windowsupdate.microsoft.com. Also, the policy removes the Windows Update hyperlink from the Start Menu and from the Tools menu in Internet Explorer.\n\nWindows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.\n\nAlso, see the "Hide the "Add programs from Microsoft" option" policy."
NoWindowsUpdate="Disable and remove links to Windows Update"
NoWorkGroupContents_Help="Removes computers in the user's workgroup and domain from lists of network resources in Windows Explorer and My Network Places.\n\nIf you enable this policy, the system removes the "Computers Near Me" option and the icons representing nearby computers from My Network Places. This policy also removes these icons from the Map Network Drive browser.\n\nThis policy does not prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box.\n\nTo remove network computers from lists of network resources, use the "No Entire Network in My Network Places" policy."
NoWorkgroupContents="No "Computers Near Me" in My Network Places"
PD_DOWNLOAD="Download profile"
PD_USELOCAL="Use local profile"
PhysicalLocation_Help="Specifies the default location criteria used when searching for printers.\n\nThis policy is a component of the Location Tracking feature of Windows 2000 printers. To use this policy, enable Location Tracking by enabling the "Pre-populate printer search location text" policy.\n\nWhen Location Tracking is enabled, the system uses the specified location as a criteria when users search for printers. The value you type here overrides the actual location of the computer conducting the search.\n\nType the location of the user's computer. When users search for printers, the system uses the specified location (and other search criteria) to find a printer nearby. You can also use this policy to direct users to a particular printer or group of printers that you want them to use.\n\nIf you disable this policy or do not configure it and the user does not type a location as a search criteria, the system searches for a nearby printer based on the IP address and subnet mask of the user's computer."
PhysicalLocation_Name="Location"
PhysicalLocation_Tip1="Enter the location of this computer. Use a '/' character to"
PhysicalLocationSupport_Help="Enables the physical Location Tracking support feature of Windows 2000 printers.\n\nLocation tracking lets you design a location scheme for your enterprise and assign computers and printers to locations in your scheme. Location tracking overrides the standard method of locating and associating users and printers, which uses the IP address and subnet mask of a computer to estimate its physical location and proximity to other computers.\n\nIf you enable Location Tracking, a Browse button appears beside the Location field in the Find Printers dialog box. (To go to the Browse button, click Start, click Search, and click For printers.) The Browse button also appears on the General tab of the Properties dialog box for a printer. It lets users browse for printers by location without their having to know the precise location (or location naming scheme). Also, if you enable the "Computer location" policy, the default location you type appears in the Location field.\n\nIf you disable this policy or do not configure it, Location Tracking is disabled. Printer proximity is estimated based on IP address and subnet mask."
PhysicalLocationSupport_Tip1="Use this policy to enable or disable pre-populating the location"
PhysicalLocationSupport_Tip2="search text when searching for printers in the Active Directory."
PhysicalLocationSupport_Tip3="The default setting is to not pre-populate the location search text."
Pol_AlwaysPinSubFolders="Subfolders always available offline"
Pol_AlwaysPinSubFolders_Help ="Makes subfolders available offline whenever their parent folder is made available offline.\n\nThis policy automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders.\n\nIf you enable this policy, then when you make a folder available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that is available offline are made available offline when the parent folder is synchronized.\n\nIf you disable this policy or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline."
Pol_AssignedOfflineFiles_Help="Lists network files and folders that are always available for offline use. This policy makes the specified files and folders available offline to users of the computer.\n\nTo assign a folder, click Show and then click Add. In the "Type the name of the item to be added" box, type the fully qualified UNC path to the file or folder. Leave the "Enter the value of the item to be added" field blank.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
Pol_CustomGoOfflineActions_Help="Determines how computers respond when they are disconnected from particular offline file servers. This policy overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" policy.\n\nThis policy also disables the "Exception list" section on the Offline Files tab. This prevents users from trying to change the option while a policy controls it.\n\nTo use this policy, click Show, and then click Add. In the "Type the name of the item to be added" box, type the server's computer name. Then, in the "Type the value of the item to be added" box, type "0" if users can work offline when they are disconnected from this server, or type "1" if they cannot.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To configure this setting without establishing a policy, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click Advanced. This policy corresponds to the settings in the "Exception list" section."
Pol_CustomGoOfflineActions="Non-default server disconnect actions"
Pol_DefCacheSize_Help="Limits the percentage of the computer's disk space that can be used to store automatically-cached offline files.\n\nThis policy also disables the "Amount of disk space to use for temporary offline files" option on the Offline Files tab. This prevents users from trying to change the option while a policy controls it.\n\nAutomatic caching can be set on any network share. When a user opens a file on the share, the system automatically stores a copy of the file on the user's computer.\n\nThis policy does not limit the disk space available for files that user's make available offline manually.\n\nIf you enable this policy, you can specify an automatic-cache disk space limit.\n\nIf you disable this policy, the system limits the space that automatically-cached files occupy to 10 percent of the space on the system drive.\n\nIf you do not configure this policy, disk space for automatically-cached files is limited to 10 percent of the system drive by default, but users can change it.\n\nTip: To \
change the amount of disk space used for automatic caching without setting a policy, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then use the slider bar associated with the "Amount of disk space to use for temporary offline files" option."
Pol_DefCacheSize="Default cache size"
Pol_Enabled_Help="Determines whether the Offline Files feature is enabled.\n\nThis policy also disables the "Enable Offline Files" option on the Offline Files tab. This prevents users from trying to change the option while a policy controls it.\n\nOffline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.\n\nIf you enable this policy, Offline Files is enabled and users cannot disable it.\n\nIf you disable this policy, Offline Files is disabled and users cannot enable it.\n\nBy default, Offline Files is enabled on Windows 2000 Professional and is disabled on Windows 2000 Server.\n\nTip: To enable Offline Files without setting a policy, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "Enable Offline Files."\n\nNote: To make changes to this policy effective, you must restart Windows 2000."
Pol_Enabled="Enabled"
Pol_EventLoggingLevel_Help="Determines which events the Offline Files feature records in the event log.\n\nOffline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this policy to specify additional events you want Offline Files to record.\n\nTo use this policy, from the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.\n\n"0" records an error when the offline storage cache is corrupted.\n\n"1" also records an event when the server hosting the offline file is disconnected from the network.\n\n"2" also records events when the local computer is connected and disconnected from the network.\n\n"3" also records an event when the server hosting the offline file is reconnected to the network.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
Pol_EventLoggingLevel="Event logging level"
Pol_ExtExclusionList_Help="Lists types of files that cannot be used offline.\n\nThis policy lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this policy even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline."\n\nThis policy is designed to protect files that cannot be separated, such as database components.\n\nTo use this policy, type the file name extension in the "Extensions" box. To type more than one extension, separate the extensions with a semicolon (;).\n\nNote: To make changes to this policy effective, you must log off and log on again."
Pol_ExtExclusionList="Files not cached"
Pol_GoOfflineAction_Help="Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.\n\nThis policy also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a policy controls it.\n\nIf you enable this policy, you can use the "Action" box to specify how computers in the group respond.\n\n-- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.\n\n-- "Never go offline" indicates that network files are not available while the server is inaccessible.\n\nIf you disable this policy or select the "Work offline" option, users can work offline if disconnected.\n\nIf you do not configure this policy, users can work offline by default, but they can change this option.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To configure this setting without establishing a policy, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, click Advanced, and then select an option in the "When a network connection is lost" section.\n\nAlso, see the "Non-default server disconnect actions" policy."
Pol_GoOfflineAction="Action on server disconnect"
Pol_NoCacheViewer_Help="Disables the Offline Files folder.\n\nThis policy disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.\n\nThis policy does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files.""
Pol_NoCacheViewer="Prevent use of Offline Files folder"
Pol_NoConfigCache_Help="Prevents users from enabling, disabling, or changing the configuration of Offline Files.\n\nThis policy removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.\n\nThis is a comprehensive policy that locks down the configuration you establish by using other policies in this folder.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: This policy provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this policy. You do not have to disable any other policies in this folder."
Pol_NoConfigCache="Disable user configuration of Offline Files"
Pol_NoMakeAvailableOffline_Help="Prevents users from making network files and folders available offline.\n\nThis policy removes the "Make Available Offline" option from the File menu and from all context menus in Windows Explorer. As a result, users cannot designate files to be saved on their computer for offline use.\n\nHowever, this policy does not prevent the system from saving local copies of files that reside on network shares designated for automatic caching.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
Pol_NoMakeAvailableOffline="Disable 'Make Available Offline'"
Pol_PurgeAtLogoff="At logoff, delete local copy of user’s offline files"
Pol_PurgeAtLogoff_Help="Deletes local copies of the user's offline files when the user logs off.\n\nThis policy specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files.\n\nIf you disable this policy or do not configure it, automatically and manually cached copies are retained on the user's computer for later offline use.\n\nCaution: Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost."
Pol_NoReminders_Help="Hides or displays reminder balloons, and prevents users from changing the setting.\n\nReminder balloons appear above the Offline Files icon in the status area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.\n\nIf you enable this policy, the system hides the reminder balloons, and prevents users from displaying them.\n\nIf you disable the policy, the system displays the reminder balloons, and prevents users from hiding them.\n\nIf this policy is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.\n\nTo prevent users from changing the setting while a policy is in effect, the system disables the "Enable reminders" option on the Offline Files tab\n\nThis policy appears in the Computer Configuration and User Configuration folders. If both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To display or hide reminder balloons without establishing a policy, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This policy corresponds to the "Enable reminders" check box."
Pol_NoReminders="Disable reminder balloons"
Pol_ReminderFreq_Help="Determines how often reminder balloon updates appear.\n\nThis policy also removes the "Display reminder balloon every ... minutes" option on the Offline Files tab. This prevents users from trying to change the option while a policy controls it.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected and are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this policy to change the update interval.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To set reminder balloon frequency without establishing a policy, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This policy corresponds to the "Display reminder balloons every ... minutes" option."
Pol_ReminderFreq="Reminder balloon frequency"
Pol_ReminderInitTimeout_Help="Determines how long the first reminder balloon for a network status change is displayed.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected and are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this policy to change the duration of the first reminder.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
Pol_ReminderTimeout_Help="Determines how long updated reminder balloons are displayed.\n\nReminder balloons appear when the user's connection to a network file is lost or reconnected and are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this policy to change the duration of the update reminder.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration."
Pol_ReminderTimeout="Reminder balloon lifetime"
Pol_SyncAtLogoff_Help="Determines whether offline files are fully synchronized when users log off.\n\nThis policy also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a policy controls it.\n\nIf you enable this policy, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current.\n\nIf you disable this policy, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current.\n\nIf you do not configure this policy, the system performs a quick synchronization by default, but users can change this option.\n\nThis policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: To change the synchronization method without setting a policy, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging off" option."
Pol_SyncAtLogoff="Synchronize all offline files before logging off"
PolicyPolicies="Group Policy"
PrimaryDnsSuffix_Help="Specifies the primary Domain Name System (DNS) suffix for all affected computers. The primary DNS suffix is used in DNS name registration and DNS name resolution.\n\nThis policy lets you specify a primary DNS suffix for a group of computers, and prevents users, including administrators, from changing it.\n\nIf you disable this policy or do not configure it, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined. However, administrators can use System in Control Panel to change the primary DNS suffix of a computer.\n\nTo use this policy, in the text box provided, type the entire primary DNS suffix you want to assign. For example, microsoft.com.\n\nThis policy does not disable the DNS Suffix and NetBIOS Computer Name dialog box that administrators use to change the primary DNS suffix of a computer. However, if administrators enter a suffix, that suffix is ignored while this policy is enabled.\n\nImportant: To make \
changes to this policy effective, you must restart Windows 2000 on all computers affected by the policy.\n\nNote: This policy has no effect on domain controllers.\n\nTip: To change the primary DNS suffix of a computer without setting a policy, click System in Control Panel, click the Network Identification tab, click Properties, click More, and then enter a suffix in the "Primary DNS suffix of this computer" box.\n\nFor more information about DNS, see "Domain Name System (DNS)" in Windows 2000 Help."
PrimaryDnsSuffix="Primary DNS Suffix"
PrimaryDnsSuffixBox="Enter a primary DNS suffix: "
PrinterDirectorySearchScope_Help="Specifies the Active Directory location where searches for printers begin.\n\nThe Add Printer wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy, these searches begin at the location you specify in the "Default Active Directory path" box. Otherwise, searches begin at the root of Active Directory.\n\nThis policy only provides a starting point for Active Directory searches for printers. It does not restrict user searches through the Active Directory."
PrinterDirectorySearchScope_Name="Default Active Directory path"
PrinterDirectorySearchScope_Tip1="Enter a default Active Directory path where users start their "
PrinterDirectorySearchScope_Tip2="search for printers. This setting affects the printer "
PrinterDirectorySearchScope_Tip3="search dialog when started from the Add Printer wizard."
PrinterDirectorySearchScope_Tip4="e.g. To start search in domain1.mycompany.com enter path as"
PrinterDirectorySearchScope="Default Active Directory path when searching for printers"
Printers="Printers"
PrinterServerThread_Help="Announces the presence of shared printers to print browse master servers for the domain.\n\nOn Windows 2000 domains with Active Directory, shared printer resources are available in Active Directory and are not announced.\n\nIf you enable this policy, the print spooler announces shared printers to the print browse master servers. As a result, shared printers appear in the domain list in the Browse for Printer dialog box of the Add Printer wizard.\n\nIf you disable this policy, shared printers are not announced to print browse master servers, even if Active Directory is not available.\n\nIf you do not configure this policy, shared printers are announced to browse master servers only when Active Directory is not available.\n\nNote: A client license is used each time a client computer announces a printer to a print browse master on the domain."
PrinterServerThread_Tip1="Enabling this setting will cause the print subsystem to announce"
PrinterServerThread_Tip2="shared printers for printer browsing. Disable this setting if you"
PrinterServerThread_Tip3="do not want the print subsystem add shared printers to the browse list."
PrinterServerThread_Tip4="If this setting is not configured, shared printers will not be added to"
PrinterServerThread_Tip5="the browse list if a Directory Service is available, but will be added"
PrinterServerThread_Tip6="if a Directory Service is not available."
PrinterServerThread="Printer browsing"
PriorityLevel="Priority level:"
ProfileDlgTimeOut_Help="Determines how long the system waits for a user response before it uses a default value.\n\nThe default value is applied when the user does not respond to messages explaining that any of the following events has occurred:\n\n-- The system detects a slow connection between the user’s computer and the server that stores users' roaming user profiles.\n\n-- The system cannot access users’ server-based profiles when users log on or off.\n\n-- Users’ local profiles are newer than their server-based profiles.\n\nYou can use this policy to override the system's default value of 30 seconds. To use this policy, type a decimal number between 0 and 600 for the length of the interval."
ProfileDlgTimeOut="Timeout for dialog boxes"
ProfileDlgWaitInterval="Time (seconds)"
ProfileErrorAction="Log users off when roaming profile fails"
ProfileErrorAction_Help="Logs a user off automatically when the system cannot load the user's roaming user profile.\n\nThis policy is used when the system cannot find the roaming user profile or the profile contains errors which prevent it from loading correctly.\n\nIf you disable this policy or do not configure it, when the roaming profile fails, the system loads a local copy of the roaming user profile, if one is available. Otherwise, the system loads the default user profile (stored in %Systemroot%\Documents and Settings\Default User).\n\nAlso, see the "Delete cached copies of roaming profiles" policy."
ProfileErrorActionDesc="If an error occurs when loading the user's profile:"
ProfileSize="Max Profile size (KB)"
ProfileUnloadTimeout="Maximum retries to unload and update user profile"
ProfileUnloadTimeout_Help="Determines how many times the system tries to unload and update the registry portion of a user profile. When the number of trials specified by this policy is exhausted, the system stops trying. As a result, the user profile might not be current, and local and roaming user profiles might not match.\n\nWhen a user logs off of the computer, the system unloads the user-specific section of the registry (HKEY_CURRENT_USER) into a file (NTUSER.DAT) and updates it. However, if another program or service is reading or editing the registry, the system cannot unload it. The system tries repeatedly (at a rate of once per second) to unload and update the registry settings. By default, the system repeats its periodic attempts 60 times (over the course of one minute).\n\nIf you enable this policy, you can adjust the number of times the system tries to unload and update the user's registry settings. (You cannot adjust the retry rate.)\n\nIf you disable this policy or do not configure it, the \
system repeats its attempt 60 times.\n\nIf you set the number of retries to 0, the system tries just once to unload and update the user's registry settings. It does not try again.\n\nNote: This policy is particularly important to servers running Terminal Services. Because Terminal Services edits the user's registry settings when they log off, the system's first few attempts to unload the user settings are more likely to fail.\n\nThis policy does not affect the system's attempts to update the files in the user profile.\n\nTip: Consider increasing the number of retries specified in this policy if there are many user profiles stored in the computer's memory. This indicates that the system has not been able to unload the profile.\n\nAlso, check the Application Log in Event Viewer for events generated by Userenv. The system records an event whenever it tries to unload the registry portion of the user profile. The system also records an event when it fails to update the files in a user profile."
ProfileUnloadTimeoutPrompt="Max retries: "
PromptRunAsInstallNetPath_Help="Prompts users for alternate logon credentials during network-based installations.\n\nThis policy displays the "Install Program As Other User" dialog box even when a program is being installed from files on a network computer across a local area network connection.\n\nIf you disable this policy or do not configure it, this dialog box appears only when users are installing programs from local media.\n\nThe "Install Program as Other User" dialog box prompts the current user for the user name and password of an administrator. This policy allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.\n\nIf the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.\n\nNote: If enabled, the "Do not request alternate credentials" policy takes precedence over the setting for this policy. When that policy is enabled, users are not prompted for alternate logon credentials on any installation."
PromptRunasInstallNetPath="Request credentials for network installations"
PropertyPages="Hide Property Pages"
PropertyPagesHelp="Prevents users from viewing and changing the properties of an existing task.\n\nThis policy removes the Properties item from the File menu in Scheduled Tasks and from the context menu that appears when you right-click a task. As a result, users cannot change any properties of a task. They can only see the properties that appear in Detail view and in the task preview.\n\nThis policy prevents users from viewing and changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security context.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nTip: This policy affects existing tasks only. To prevent users from changing the properties of newly created tasks, use the "Disable Advanced Menu" policy."
PruneDownlevel_Found="Only if Print Server is found."
PruneDownlevel_Help="Determines whether the system prunes (deletes from Active Directory) printers that are not automatically republished. This policy applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside of their domain.\n\nThe Windows 2000 pruning service prunes printer objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 2000 detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Directory automatically, then, by default, the system never prunes their printer objects.\n\nYou can enable this policy to change the default behavior. To use this policy, select one of the following options from the "Prune non-republishing printers" box:\n\n-- "Never" specifies that printer objects that are not automatically republished are never pruned. "Never" is the default.\n\n-- "Only if Print Server is found" prunes printer objects that are not automatically republished only when the print server responds, but the printer is unavailable.\n\n-- "Whenever printer is not found" prunes printer objects that are not automatically republished whenever the host computer does not respond, just as it does with Windows 2000 printers.\n\nNote: This policy applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It does not apply to printers published by using Printers in Control Panel.\n\nTip: If you disable automatic pruning, remember to delete printer objects manually whenever you remove a printer or print server."
PruneDownlevel_Never="Never"
PruneDownlevel_NotFound="Whenever printer is not found."
PruneDownlevel_Tip1="Select the method by which non-republishing printers should be pruned."
PruneDownlevel="Prune printers that are not automatically republished"
PruningInterval_Help="Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational.\n\nThe pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.\n\nBy default, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers from Active Directory. You can use this policy to change the interval between contact attempts. To change the number of attempts, use the "Directory Pruning Retry" policy.\n\nNote: This policy is used only on domain controllers."
PruningInterval_Tip1="The Pruning Interval determines the period of time the pruner "
PruningInterval_Tip2="sleeps between checks for abandoned PrintQueues."
PruningInterval="Directory pruning interval"
PruningIntervalTitle="Interval:"
PruningNever="Never"
PruningPriority_Help="Sets the priority of the pruning thread.\n\nThe pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer information in Active Directory current.\n\nThe thread priority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority threads.\n\nBy default, the pruning thread runs at normal priority. However, you can adjust the priority to improve the performance of this service.\n\nNote: This policy is used only on domain controllers."
PruningPriority_Tip1="Use this policy to change the pruning thread's priority."
PruningPriority="Directory pruning priority"
PruningRetries_Help="Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers.\n\nThe pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.\n\nBy default, the pruning service contacts computers every eight hours and allows two retries before deleting printers from Active Directory. You can use this policy to change the number of retries. To change the interval between attempts, use the "Directory Pruning Interval" policy.\n\nNote: This policy is used only on domain controllers."
PruningRetries_Tip1="Pruning Retry determines the number of times the "
PruningRetries_Tip2="pruner will attempt to contact the print server before "
PruningRetries_Tip3="deleting an abandoned printer."
PruningRetries="Directory pruning retry"
PruningRetries0="No Retry"
PruningRetries1="1 Retry"
PruningRetries2="2 Retries"
PruningRetries3="3 Retries"
PruningRetries4="4 Retries"
PruningRetries5="5 Retries"
PruningRetries6="6 Retries"
PruningRetriesTitle="Retries:"
PublishPrinters_Help="Determines whether the computer's shared printers can be published in Active Directory.\n\nIf you enable this policy or do not configure it, users can use the "List in directory" option in the Printers folder or the Add Printer wizard to publish shared printers in Active Directory.\n\nIf you disable this policy, this computer's shared printers cannot be published in Active Directory and the "List in directory" option is disabled."
PublishPrinters_Tip1="Enable or disable this setting to allow or deny"
PublishPrinters_Tip2="publishing of printers on this machine. The default"
PublishPrinters_Tip3="is to allow this machine to publish printers."
PublishPrinters="Allow printers to be published"
RegionalOptions="Regional Options"
RestNoDrives="Do not restrict drives"
RestrictApps_Help="Limits the Windows programs that users have permission to run on the computer.\n\nIf you enable this policy, users can only run programs that you add to the List of Allowed Applications.\n\nThis policy only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this policy does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer."
RestrictApps_Tip1=" "
RestrictApps_Tip2="To create a list of allowed applications, click Show,"
RestrictApps_Tip3="then Add, and enter the application executable name"
RestrictApps="Run only allowed Windows applications"
RestrictAppsList="List of allowed applications"
RestrictCpls_Help="Hides all Control Panel items and folders except those specified in this policy.\n\nThis policy removes all Control Panel items (such as Network) and folders (such as Fonts) from the Control Panel window and the Start menu. It removes Control Panel items you have added to your system, as well the Control Panel items included in Windows 2000. The only items displayed in Control Panel are those you specify in this policy.\n\nTo display a Control Panel item, type the file name of the item, such as Ncpa.cpl (for Network). To display a folder, type the folder name, such as Fonts. If you do not specify any items or folders, the Control Panel window is empty.\n\nThis policy affects the Start menu and Control Panel window only. It does not prevent users from running any Control Panel items.\n\nAlso, see the "Disable Display in Control Panel" policy in User Configuration\Administrative Templates\Control Panel\Display.\n\nIf both the "Hide specified control panel applets" policy and the "Show only specified control panel applets" policy are enabled, the "Show only specified control panel applets" policy is ignored.\n\nTip: To find the file name of a Control Panel item, search for files with the .cpl file name extension in the %Systemroot%\System32 directory."
RestrictCpls_Tip1="To create a list of allowed control panel applets, click Show,"
RestrictCpls_Tip2="then Add, and enter the control panel file name (ends with .cpl)"
RestrictCpls_Tip3="or the name displayed under that item in the control panel."
RestrictCpls="Show only specified control panel applets"
RestrictCplsList="List of allowed control panel applets"
Restrictions="Restrictions"
RestrictUILangSelect="Restrict selection of Windows 2000 menus and dialogs language"
RestrictUILangSelect_Help="This policy restricts users to the specified language, by disabling the menus and dialogs control in the Regional Options control panel. If the specified language is not installed on the target computer, the language selection will default to English."
Run_Legacy_Logon_Script_Hidden_Explain="Hides the instructions in logon scripts written for Windows NT 4.0 and earlier.\n\nLogon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000.\n\nIf you enable this policy, Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier.\n\nAlso, see the "Run Logon Scripts Visible" policy."
Run_Logoff_Script_Visible_Explain="Displays the instructions in logoff scripts as they run.\n\nLogoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script.\n\nIf you enable this policy, the system displays each instruction in the logoff script as it runs. The instructions appear in a command window. This setting is designed for advanced users.\n\nIf you disable this policy or do not configure it, the instructions are suppressed."
Run_Logon_Script_Sync_Help="Directs the system to wait for the logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.\n\nIf you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.\n\nIf you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.\n\nThis policy appears in the Computer Configuration and User Configuration folders. The policy set in Computer Configuration takes precedence over the policy set in User Configuration."
Run_Logon_Script_Visible_Explain="Displays the instructions in logon scripts as they run.\n\nLogon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in the logon script.\n\nIf you enable this policy, the system displays each instruction in the logon script as it runs. The instructions appear in a command window. This setting is designed for advanced users.\n\nIf you disable this policy or do not configure it, the instructions are suppressed."
Run_Help="Specifies additional programs or documents that Windows starts automatically when a user logs on to the system.\n\nTo use this policy, click Show, click Add and, in the text box, type the name of the executable program (.exe) file or document file. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the system starts the programs specified in the Computer Configuration policy just before it starts the programs specified in the User Configuration policy.\n\nAlso, see the "Disable legacy run list" and the "Disable the run once list" policies."
Run="Run these programs at user logon"
RunListBox="Items to run at logon"
Run_Shutdown_Script_Visible_Explain="Displays the instructions in shutdown scripts as they run.\n\nShutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script.\n\nIf you enable this policy, the system displays each instruction in the shutdown script as it runs. The instructions appear in a command window.\n\nIf you disable this policy or do not configure it, the instructions are suppressed."
Run_Startup_Script_Sync_Help="Lets the system run startup scripts simultaneously.\n\nStartup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.\n\nIf you enable this policy, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.\n\nIf you disable this policy or do not configure it, a startup cannot run until the previous script is complete."
Run_Startup_Script_Visible_Explain="Displays the instructions in startup scripts as they run.\n\nStartup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script.\n\nIf you enable this policy, the system displays each instruction in the startup script as it runs. The instructions appear in a command window. This setting is designed for advanced users.\n\nIf you disable this policy or do not configure it, the instructions are suppressed."
SafeForScripting="Disable IE security prompt for Windows Installer scripts"
SafeForScripting_Help="Allows Web-based programs to install software on the computer without notifying the user.\n\nBy default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation. This policy suppresses the warning and allows the installation to proceed.\n\nThis policy is designed for enterprises that use Web-based tools to distribute programs to their employees. However, because this policy can pose a security risk, it should be applied cautiously."
ScreenSaverActive_Help="Enables desktop screen savers.\n\nIf you disable this policy, screen savers do not run. Also, this policy disables the Screen Saver section of the Screen Saver tab in Display in Control Panel. As a result, users cannot change the screen saver options.\n\nIf you do not configure it, this policy has no effect on the system.\n\nIf you enable it, a screen saver will run provided the following two condtions hold: First, a valid screensaver on the client is specified via the "Screensaver executable name" policy or via Control Panel on the client computer. Second, the screensaver timeout is set to a nonzero value via the policy or Control Panel.\n\nAlso, see the "Hide Screen Saver tab" policy."
ScreenSaverActive="Activate screen saver"
ScreenSaverFilename_Help="Specifies the screen saver for the user's desktop.\n\nIf you enable this policy, the system displays the specified screen saver on the user's desktop. Also, this policy disables the drop-down list of screen savers on the Screen Saver tab in Display in Control Panel, preventing users from changing the screen saver.\n\nIf you disable this policy, or do not configure it, users can select any screen saver.\n\nTo use this policy, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen saver file is not in the %Systemroot%\System32 directory, enter the fully qualified path to the file.\n\nIf the specified screen saver is not installed on a computer to which this policy applies, the policy is ignored.\n\nNote: This policy can be superceded by disabling the "Activate screen saver" policy. If "Activate screen saver" is disabled, this policy is ignored and screen savers do not run."
ScreenSaverIsSecure_Help="Determines whether screen savers used on the computer are password protected.\n\nIf you enable this policy, all screen savers are password protected. If you disable this policy, password protection cannot be set on any screen saver.\n\nThis policy also disables the "Password protected" check box on the Screen Saver tab in Display in Control Panel, preventing users from changing the password protection setting.\n\nIf you do not configure this policy, users can choose whether or not to set password protection on each screen saver.\n\nThis policy is used only when a screen saver is specified for the computer. To specify a screen saver on a computer, in Control Panel, double-click Display, and then click the Screen Saver tab. To specify a screen saver in a policy, use the "Screen saver executable name" policy.\n\nNote: To remove the Screen Saver tab, use the "Hide Screen Saver tab" policy."
ScreenSaverIsSecure="Password protect the screen saver"
ScreenSaverTimeOut="Screen Saver timeout"
ScreenSaverTimeOut_Tip1="Number of seconds to wait to enable the Screen Saver"
ScreenSaverTimeOutFreqSpin="Seconds:"
ScreenSaverTimeOut_Help="Specifies how much user idle time must elapse before the screen saver is launched.\n\nWhen configured, this idle time can be set from a minimum of 1 second to a maximum of 86400 seconds, or 24 hours. If set to zero, the screen saver will not be launched.\n\nThis policy has no effect under any of the following circumstances:\n\n - The policy is disabled or not configured.\n - The wait time is set to zero.\n - The "Activate screen saver" policy is disabled.\n - Neither the "Screen saver executable name" policy\n nor the Screen Saver tab of the client computer's\n Display Properties dialog box specifies a valid,\n existing screensaver program on the client.\n\nWhen not configured, whatever wait time is set on the client through the Screen Saver tab of the Display Properties dialog box is used. The default is 15 minutes."
Script_Tip1="Wait for the logon scripts to complete before starting"
Script_Tip2="the users's shell. If this value is also set in the"
Script_Tip3="Computer section, that value takes precedence."
Script_Tip4="User section, this value takes precedence."
SearchOrder_Help="Specifies the order in which Windows Installer searches for installation files.\n\nBy default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL).\n\nTo change the search order, enable the policy, and then type the letters representing each file source in the order that you want Windows Installer to search.:\n\n-- "n" represents the network;\n\n-- "m" represents media;\n\n-- "u" represents URL, or the Internet.\n\nTo exclude a file source, omit or delete the letter representing that source type."
SearchOrder="Search order"
SearchOrderT1="Order in which to search the three types of sources."
SearchOrderT2="n = network, m = media (CD), u = URL"
SearchOrderT3="Leave letter(s) out to remove that type of source from the search."
SearchOrderT4="A few valid examples: nmu, n, nu, mn"
ServerAppsServices="Server Applications and Services"
ServerName="Server name:"
ShellName="Custom user interface"
ShellName_Help="Specifies an alternate user interface for Windows 2000.\n\nThe Explorer program (Explorer.exe) creates the familiar Windows interface, but you can use this policy to specify an alternate interface. If you enable this policy, the system start the interface you specify instead of Explorer.exe.\n\nTo use this policy, copy your interface program to a network share or to your system drive. Then, enable this policy, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.\n\nIf you disable this policy or do not configure it, the policy is ignored and the system displays the Explorer interface.\n\nTip: To find the folders indicated by the Path environment variable, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables box, click Path."
ShellNameInst="Interface file name (for example, Explorer.exe)"
SizeMessage="Custom Message"
SlowLinkDefault_Help="Directs the system to wait for the remote copy of the roaming user profile to load, even when loading is slow. Also, the system waits for the remote copy when the user is notified about a slow connection, but does not respond in the time allowed.\n\nThis policy and related policies in this folder together define the system's response when roaming user profiles are slow to load.\n\nIf you disable this policy or do not configure it, then when a remote profile is slow to load, the system loads the local copy of the roaming user profile. The local copy is also used when the user is consulted (as set in the "Prompt user when slow link is detected" policy), but does not respond in the time allowed (as set in the "Timeout for dialog boxes" policy).\n\nWaiting for the remote profile is appropriate when users move between computers frequently and the local copy of their profile is not always current. Using the local copy is desirable when quick logging on is a priority.\n\nImportant: If the "Do \
not detect slow network connections" policy is enabled, this policy is ignored. Also, if the "Delete cached copies of roaming profiles" policy is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection."
SlowLinkDefault="Wait for remote user profile"
SlowLinkTimeOut_Help="Defines a slow connection for roaming user profiles.\n\nIf the server on which the user's roaming user profile resides takes longer to respond than the thresholds set by this policy allow, then the system considers the connection to the profile to be slow.\n\nThis policy and related policies in this folder together define the system's response when roaming user profiles are slow to load.\n\nThis policy establishes thresholds for two tests. For computers connected to IP networks, the system measures the rate at which the remote server returns data in response to an IP ping message. To set a threshold for this test, in the Connection speed box, type a decimal number between 0 and 4,294,967,200, representing the minimum acceptable transfer rate in kilobits per second. By default, if the server returns fewer than 500 kilobits of data per second, it is considered to be slow.\n\nFor non-IP computers, the system measures the responsiveness of the remote server's file system. To set a threshold for this test, in the Time box, type a decimal number between 0 and 20,000, representing the maximum acceptable delay, in milliseconds. By default, if the server's file system does not respond within 120 milliseconds, it is considered to be slow.\n\nConsider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.\n\nImportant: If the "Do not detect slow network connections" policy is enabled, this policy is ignored. Also, if the "Delete cached copies of roaming profiles" policy is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection."
SlowLinkTimeOut="Slow network connection timeout for user profiles"
SlowLinkWaitInterval="Time (milliseconds)"
StartMenu="Start Menu & Taskbar"
StartMenuLogoff_Help="Removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.\n\nIf you enable this policy, the Log Off <username> item does not appear in the Start menu. This policy also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off <username> item to the Start Menu.\n\nIf you disable this policy or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.\n\nThis policy affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off.\n\nTip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar & Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.\n\nSee also: "Disable Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff."
StartMenuLogoff="Disable Logoff on the Start Menu"
StdCheckT="Check to force setting on; uncheck to force setting off."
SystemControl="System"
sz_ActiveDesktop_Title="Active Desktop"
sz_AdminComponents_Title="Add/Delete items"
sz_ATC_AdminAddItem="Enter URL(s) of desktop item(s) to Add (space separated): "
sz_ATC_AdminDeleteItem="Enter URL(s) of desktop item(s) to Delete (space separated): "
sz_ATC_DisableAdd="Prohibit adding items"
sz_ATC_DisableClose="Prohibit closing items"
sz_ATC_DisableDel="Prohibit deleting items"
sz_ATC_DisableEdit="Prohibit editing items"
sz_ATC_NoComponents="Disable all items"
sz_DB_DragDropClose="Disable adding, dragging, dropping and closing the Taskbar's toolbars"
sz_DWP_NoHTMLPaper="Allow only bitmapped wallpaper"
sz_WallPaper_Title="Desktop WallPaper Settings"
TaskCreation="Disable New Task Creation"
TaskCreationHelp="Prevents users from creating new tasks.\n\nThis policy removes the Add Scheduled Task item that starts the New Task wizard. Also, the system does not respond when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nImportant: This policy does not prevent administrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers."
TaskDeletion="Disable Task Deletion"
TaskDeletionHelp="Prevents users from deleting tasks from the Scheduled Tasks folder.\n\nThis policy removes the Delete item from the Edit menu in the Scheduled Tasks folder and from the menu that appears when you right-click a task. Also, the system does not respond when users try to cut or drag a task from the Scheduled Tasks folder.\n\nNote: This policy appears in the Computer Configuration and User Configuration folders. if both policies are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.\n\nImportant: This policy does not prevent administrators of a computer from using At.exe to delete tasks."
TransferRateTip1="This policy allows you to define what a slow connection is."
TransferRateTip2="Connections below this speed are considered slow and"
TransferRateTip3="connections above this speed are considered fast."
TransferRateTip4="Enter 0 to disable slow link detection."
TransferRateTip5="For more details, see the Explain tab."
TransferRateTip6="If the profile server has IP connectivity, the connection"
TransferRateTip7="speed policy will be used. If the profile server does not"
TransferRateTip8="have IP connectivity, the SMB timing will be used."
TransferRateTip9="or"
TransformsSecure="Cache transforms in secure location on workstation"
TransformsSecure_Help="Saves copies of transform files in a secure location on the local computer.\n\nTransform files consist of instructions to modify or customize a program during installation. By default, Windows Installer stores transform files in the Application Data directory in the user's profile. When a user reinstalls, removes, or repairs an installation, the transform file is available, even if the user is on a different computer or isn’t connected to the network.\n\nIf you enable this policy, the transform file is saved in a secure location on the user's computer instead of in the user profile. Because Windows Installer requires the transform file in order to repeat an installation in which the transform file was used, the user must be using the same computer or be connected to the original or identical media to reinstall, remove, or repair the installation.\n\nThis policy is designed for enterprises that must take special precautions to prevent unauthorized or malicious editing of transform files."
UILang1="English"
UILang2="Japanese"
UILang3="Korean"
UILang4="German"
UILang5="Simplified Chinese"
UILang6="Traditional Chinese"
UILang7="French"
UILang8="Spanish"
UILang9="Italian"
UILang10="Swedish"
UILang11="Dutch"
UILang12="Brazilian"
UILang13="Finnish"
UILang14="Norwegian"
UILang15="Danish"
UILang16="Hungarian"
UILang17="Polish"
UILang18="Russian"
UILang19="Czech"
UILang20="Greek"
UILang21="Portuguese"
UILang22="Turkish"
UILang23="Arabic"
UILang24="Hebrew"
UILangSelect="Restrict users to the following language:"
UserANDMachineT="This policy must be set for the machine and the user to be enforced."
UserORMachineT="This policy may be set for the machine or for the user."
UserPolicyMode_Help="Applies alternate user policies when a user logs on to a computer affected by this policy.\n\nThis policy directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this policy. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user policy based on the computer that is being used.\n\nBy default, the user's Group Policy objects determine which user policies apply. If this policy is enabled, then, when a user logs on to this computer, the computer's Group Policy objects determine which set of Group Policy objects applies.\n\nTo use this policy, select one of the following policy modes from the Mode box:\n\n-- "Replace" indicates that the user policies defined in the computer's Group Policy objects replace the user policies normally applied to the user.\n\n-- "Merge" indicates that the user policies defined in the computer's Group Policy \
objects and the user policies normally applied to the user are combined. If the policy settings conflict, the user policies in the computer's Group Policy objects take precedence over the user's normal policies.\n\nIf you disable this policy or do not configure it, the user's Group Policy objects determines which user policies apply.\n\nNote: This policy is effective only when both the computer account and the user account are in Windows 2000 domains."
UserPolicyMode_Merge="Merge"
UserPolicyMode_Replace="Replace"
UserPolicyMode="User Group Policy loopback processing mode"
UserPolicyModeOp="Mode:"
UserProfiles="Profiles"
VerboseStatus_Help="Directs the system to display highly detailed status messages.\n\nIf you enable this policy, the system displays status message that reflect each step in the process of starting, shutting down, logging on or logging off the system.\n\nThis policy is designed for sophisticated users that require this information.\n\nNote: This policy is ignored if the "Disable Boot / Shutdown / Logon / Logoff status messages" policy is enabled."
VerboseStatus="Verbose vs normal status messages"
VerifyPublishedState_Help="Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. Also, this policy specifies how often the system repeats the verification.\n\nBy default, the system verifies published printers when it starts. This policy provides for periodic verification while the computer is operating.\n\nTo enable this additional verification, enable this policy, and then select a verification interval.\n\nTo disable verification, disable or do not configure this policy, or set the verification interval to "Never."
VerifyPublishedState_Tip1="Verify that all published printers are in the Active Directory."
VerifyPublishedState="Check published state"
VerifyPublishedState12Hours="12 Hours"
VerifyPublishedState1Day="1 Day"
VerifyPublishedState1Hour="1 Hour"
VerifyPublishedState30Minutes="30 Minutes"
VerifyPublishedState4Hours="4 Hours"
VerifyPublishedState8Hours="8 Hours"
VerifyPublishedStateNever="Never"
VerifyPublishedStateTitle="Published State Check Interval"
WAB="Windows Address Book"
Wallpaper="Active Desktop Wallpaper"
Wallpaper_Help="Specifies the desktop background ("wallpaper") displayed on all users' desktops.\n\nThis policy lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp), JPEG (*.jpg), or HTML (*.htm, *.html) file.\n\nTo use this policy, type the fully-qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Winnt\Logo.bmp or a UNC path, such as \\Server\Share\Logo.bmp.\n\nIf the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternate wallpaper.\n\nYou can also use this policy to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification.\n\nIf you disable this policy or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.\n\nNote: This policy requires that Active Desktop be enabled. By default, Active Desktop is disabled. To use a policy to enable Active Desktop, use the "Enable Active Desktop" policy.\n\nAlso, see the "Allow only bitmapped wallpaper" and the "Disable changing wallpaper" policies."
WallpaperName="Wallpaper Name:"
WallpaperStyle="Wallpaper Style:"
WallpaperStyle_Center="Center"
WallpaperStyle_Tile="Tile"
WallpaperStyle_Stretch="Stretch"
Wallpaper_Tip1="Specifiy location and name"
Wallpaper_Tip2="Example: Using a local path: C:\Winnt\Logo.bmp"
Wallpaper_Tip3="Example: Using a UNC path: \\Server\Share\Logo.bmp"
Wallpaper_Tip4=" "
WarnUser="Notify user when profile storage space is exceeded."
WarnUserTimeout="Remind user every X minutes:"
WFP="Windows File Protection"
WFPDllCacheDir_Help="Specifies an alternate location for the Windows File Protection cache.\n\nTo use the policy, enable the policy, and enter the fully qualified local path to the new location in the "Cache file path" box.\n\nIf you disable this policy or do not configure it, the Windows File Protection cache is located in the %Systemroot%\System32\Dllcache directory.\n\nNote: Do not put the cache on a network shared directory."
WFPDllCacheDir="Specify Windows File Protection cache location"
WFPDllCacheDirBox="Cache file path:"
WFPQuota_Help="Specifies the maximum amount of disk space that can be used for the Windows File Protection file cache.\n\nWindows File Protection adds protected files to the cache until the cache content reaches the quota. If the quota is greater than 50 MB, WFP adds other important Windows 2000 files to the cache until the cache size reaches the quota.\n\nTo use this policy, enable the policy, and enter the maximum amount of disk space to be used (in MB). To indicate that the cache size is unlimited, select "4294967295" as the maximum amount of disk space.\n\nIf you disable this policy or do not configure it, the default value is set to 50 MB on Windows 2000 Professional and is unlimited (4294967295 MB) on Windows 2000 Server."
WFPQuota="Limit Windows File Protection cache size"
WFPQuota_Tip1="To indicate that the cache size is not limited, select the"
WFPQuota_Tip2=" maximum value, 4294967295."
WFPQuota_Size="Cache size (in MB)"
WFPScan_Help="Determines when Windows File Protection scans protected files. This policy directs Windows File Protection to enumerate and scan all system files for changes.\n\nYou can use this policy to direct Windows File Protection to scan files more often. By default, files are scanned only during setup.\n\nTo use this policy, enable the policy and select a rate from the "Scanning Frequency" box.\n\n-- "Do not scan during startup," the default, scans files only during setup.\n\n-- "Scan during startup" also scans files each time you start Windows 2000. This setting delays each startup.\n\n-- "Scan once" scans files the next time you start the system.\n\nNote: This policy affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides."
WFPScan="Set Windows File Protection scanning"
WFPScan_NotAtBoot="Do not scan during startup"
WFPScan_AtBoot="Scan during startup"
WFPScan_Once="Scan once"
WFPScanList="Scanning frequency:"
WFPShowProgress_Help="Hides the file scan progress window.\n\nThis window provides status information to sophisticated users, but might confuse novices.\n\nIf you enable this policy, the file scan window does not appear during file scanning.\n\nIf you disable this policy or do not configure it, the file scan progress window appears."
WFPShowProgress="Hide the file scan progress window"
Y2K_Help="Determines how programs interpret two-digit years.\n\nThis policy specifies the largest two-digit year interpreted as being preceded by 20. All numbers less than or equal to the specified value are interpreted as being preceded by 20. All numbers greater than the specified value are interpreted as being preceded by 19.\n\nFor example, the default value, 2029, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that is 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930 to 1999.\n\nThis policy only affects the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly, consult the documentation or manufacturer of the program."
Y2K="Century interpretation for Year 2000"
Y2KSysCtrl="Specify the maximum year for which two-digit years are interpreted as being 21st century:"
