Appendix B: Group Policy Settings Listed Under the Internet Communication Management Category

 

Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8

In this appendix

Overview of Group Policy settings listed under Internet Communication Management

Controlling multiple Group Policy settings through the Restrict Internet Communications setting

Group Policy settings that affect computer configuration

Group Policy settings that affect user configuration

Overview of Group Policy settings listed under Internet Communication Management

Windows contains a variety of Group Policy settings that can help you control the way that operating system features communicate across the Internet. This appendix describes the Group Policy settings that are presented under Internet Communication Management. It also describes how the Restrict Internet communication setting controls multiple other policy settings.

Important

The Restrict Internet communication policy setting controls the policy settings under Internet Communication Management only. In this document, when there is a procedure about a policy setting that is controlled by Restrict Internet communication, a note after the procedure describes the control relationship.

You can find Internet Communication Management in the following two locations in the Group Policy Management Console:

  • In Computer Configuration, click Policies (if present), and then click Administrative Templates\System.

  • In User Configuration, click Policies (if present), and then click Administrative Templates\System.

For information about using Group Policy, see Group Policy Overview.

Controlling multiple Group Policy settings through the Restrict Internet Communications setting

There are multiple ways to configure the Group Policy settings under Internet Communication Management. You can configure policy settings individually, which means you could configure, for example, Turn off Event Viewer "Events.asp" links differently from Turn off Windows Error Reporting. Alternatively, the policy setting called Restrict Internet communication allows you to enable or disable the entire collection of policy settings at one time.

If you want to enable or disable Restrict Internet communication, and then create exceptions to this master policy setting by configuring individual policy settings in Internet Communication Management, you must use two Group Policy Objects (GPOs).

Before you begin, ensure that you understand how processing and precedence works for multiple GPOs. Choose or create a GPO with a lower precedence than another GPO. In the GPO with lower precedence, enable or disable Restrict Internet communication. Then, in the GPO that has precedence, apply the individual policy settings that are exceptions to the master policy setting.

If you do not use two GPOs when you set Restrict Internet communication and the individual policy settings that are exceptions to the master policy setting, the policy settings might not work as expected. To check the effect of multiple Group Policy settings, you can view Group Policy Results in the GPMC.

For more information, see Group Policy Planning and Deployment Guide on the TechNet website.

Group Policy settings that affect computer configuration

This subsection describes the Group policy settings that are under Computer Configuration in Internet Communication Management (Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communications Settings). These policy settings apply to all users of an affected computer, and they come into effect when the computer starts or when Group Policy is refreshed.

All of the policy settings can also be enabled or disabled in one step by enabling or disabling the master policy setting that controls them, Restrict Internet communication. This policy setting is described in Controlling multiple Group Policy settings through the Restrict Internet Communications setting earlier in this section.

Note

This appendix describes only the policy settings that are available under Internet Communication Management. For information about all the Group Policy settings that are available, see the Group Policy Settings Reference on the Microsoft website.

Individual Group Policy settings that affect computer configuration

Note

The Restrict Internet communication policy setting interacts with all of the policy settings in the following list of Computer configuration policy settings.

More details about each policy setting are available in the Explain text for the policy setting. To view Explain text, select the policy setting in Group Policy and click the Extended tab, or open the policy setting and click the Explain tab.

  • Turn off access to all Windows Update features: Specifies whether Windows Update can be used to update the operating system on this computer.

  • Turn off access to the Store: Specifies whether the Store service is used to find an application to open a file with an unhandled file type or protocol association. If you enable this policy setting, Look for an app in the Store in the Open With dialog is removed. If you disable or do not configure this policy setting, the user is allowed to use the Store service and Store is available in the Open With dialog.

  • Turn off Automatic Root Certificates Update: Specifies whether to automatically update root certificates by using the list of trusted certification authorities that Microsoft maintains on the Windows Update website. If you enable this policy setting, when a user is presented with a certificate that is issued by an untrusted root authority, the user's computer will not contact the Windows Update website.

  • Turn off downloading of print drivers over HTTP: Specifies whether to allow this computer to download print drivers over HTTP when needed.

  • Turn off Event Viewer "Events.asp" links: Specifies whether the Internet links that are shown within events in Event Viewer are activated. When such a link is activated and the user clicks it, information that identifies the event is sent to a Microsoft website so that explanatory text, if available, can be sent back to the user.

  • Turn off handwriting personalization data sharing: Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.

    If you enable this policy, Tablet PC users cannot choose to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose if they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.

  • Turn off handwriting recognition error reporting: Specifies whether users can report errors that they encounter in a Tablet PC Input Panel. This policy setting is related to the policy setting Turn off Windows Error Reporting. If you turn off Windows Error Reporting, you are also turning off error reporting for handwriting recognition.

    This policy setting is also described in Windows Error Reporting and the Problem Reports and Solutions Feature in Windows 8 and Windows Server 2012 in this document.

  • Turn off Help and Support Center "Did you know?" content: This policy setting is deprecated. See Turn off Windows Online in Group Policy settings that affect user configuration later in this section.

  • Turn off Help and Support Center Microsoft Knowledge Base search: This policy setting is deprecated. See Turn off Windows Online in Group Policy settings that affect user configuration later in this section.

  • Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com: This policy setting is deprecated.

  • Turn off Internet download for web publishing and online ordering wizards: Specifies whether Windows should download a list of providers for the Order Prints Wizard. By default, Windows displays providers that are downloaded from a Microsoft website in addition to providers that are specified in the registry.

    If you enable this policy setting, Windows will not download providers, and only the service providers that are stored in the local registry are displayed. When Windows 8 is installed, but the Order Prints Wizard has not been used, no service providers are stored in the local registry. If this Group Policy setting is applied at that time, the wizard will not display links to service providers.

    This policy does not affect Windows Server 2012 

  • Turn off Internet File Association service: Specifies whether to use the web-based File Association service or to use only locally stored information about file name extensions and file types. It also specifies the applications or features to use when opening a particular file type. The file association web service is used only when a user tries to open a file and there is no locally stored information about the file name extension.

  • Turn off printing over HTTP: Specifies whether to allow printing over HTTP from this computer. This policy setting does not control whether the computer can act as an Internet print server.

  • Turn off Registration if URL connection is referring to Microsoft.com: This policy is deprecated.

  • Turn off Search Companion content file updates: This policy setting is deprecated.

  • Turn off the "Order Prints" picture task: Specifies whether the Order Prints Wizard can be run from Windows Photo Gallery.

    This policy does not affect Windows Server 2012.

  • Turn off the "Publish to web" task for files and folders: This policy setting is deprecated.

  • Turn off the Windows Messenger Customer Experience Improvement Program: This policy setting is deprecated.

  • Turn off Windows Customer Experience Improvement Program: Specifies whether to opt out users from the Windows Customer Experience Improvement Program. If you enable this policy setting, all users are opted out of Windows Customer Experience Improvement Program.

    This policy setting is also described in Manage Privacy: Windows Customer Experience Improvement Program and Resulting Internet Communication.

  • Turn off Windows Error Reporting: Specifies whether error reports from a system or application that has stopped responding are sent to Microsoft. Error reports are used to improve the quality of the product. This policy setting overrides any user setting that is made from the Control Panel for error reporting.

    This policy setting and other ways of controlling error reporting through Group Policy are described in Manage Privacy: Windows Error Reporting and Resulting Internet Communication.

  • Turn off Windows Network Connectivity Status Indicator active tests: Prevents Network Connectivity Status Indicator (NCSI) from performing a network connectivity test that involves attempting to make a connection across the Internet.

  • Turn off Windows Update device driver searching: Specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.

Group Policy settings that affect user configuration

This subsection describes the policy settings under User Configuration in Internet Communication Management (User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communications Settings). These policy settings apply to the individual user, and they come into effect when the user signs in or when Group Policy is refreshed.

These policy settings are located in User Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management\Internet Communication settings.

All of the policy settings can be enabled or disabled in one step by enabling or disabling the master policy setting that controls them, Restrict Internet communication. This policy setting is described in Controlling multiple Group Policy settings through the Restrict Internet Communications setting earlier in this section.

Note

This appendix describes only the policy settings that are available under Internet Communication Management. For information about all the Group Policy settings that are available, see the Group Policy Settings Reference on the Microsoft website.

Group Policy settings that affect user configuration

The Restrict Internet communication policy setting interacts with all of the policy settings in the following list of user configuration policy settings under Internet Communication Management. You can also select the policy setting in Group Policy and click the Extended tab, or open the policy setting and click the Explain tab.

  • Turn off access to the Store: Specifies whether the Store service is used to find an application to open a file that has an unhandled file type or protocol association. When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application. If you enable this policy setting, the Look for an app in the Store item in the Open With dialog is removed. If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.

  • Turn off downloading of print drivers over HTTP: Specifies whether to allow this computer to download print drivers over HTTP when needed.

  • Turn off handwriting personalization data sharing: Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.

    If you enable this policy, Tablet PC users cannot choose to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.

  • Turn off handwriting recognition error reporting: Specifies whether users can report errors that they encounter in the Tablet PC Input Panel. This policy setting is related to Turn off Windows Error Reporting, which is described in Individual Group Policy settings that affect computer configuration. If you turn off Windows Error Reporting, you are also turning off error reporting for handwriting recognition.

    This policy setting is also described in Windows Error Reporting and the Problem Reports and Solutions Feature in Windows 7 and Windows Server 2008 R2.

  • Turn off Help Experience Improvement Program: Specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. If this setting is enabled, this policy prevents users from participating in the Help Experience Improvement program. If this setting is disabled or not configured, users will be able to turn on the Help Experience Improvement program feature from the Help and Support settings page.

  • Turn off Help Ratings: Specifies whether, when Online Help is turned on, a user can enter feedback into a form at the bottom of a Help topic, and then send that feedback to Microsoft.

  • Turn off Internet download for web publishing and online ordering wizards: Specifies whether Windows should download a list of providers for the Order Prints Wizard. By default, Windows displays providers that are downloaded from a Microsoft website in addition to providers that are specified in the registry.

    If you enable this policy setting, Windows will not download providers, and only the service providers that are stored in the local registry are displayed. When Windows is installed, but the Order Prints Wizard has not been used, no service providers are stored in the local registry. If this Group Policy setting is applied at that time, the wizard will not display links to service providers.

  • Turn off Internet File Association service: Specifies whether to use the web-based File Association service or to use only locally stored information about file name extensions and file types. It also specifies the applications or features to use when opening a particular file type. The File Association service is used only when a user tries to open a file and there is no locally stored information about the file name extension.

  • Turn off printing over HTTP: Specifies whether to allow printing over HTTP for this user. This policy setting does not control whether the computer can act as an Internet print server.

  • Turn off the "Order Prints" picture task: Specifies whether the Order Prints Wizard can be run from Windows Photo Gallery.

    This setting was deprecated in Windows Server 2012.

  • Turn off the “Publish to Web” task for files and folders: Specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web," are available from File and Folder Tasks in Windows folders. The Web Publishing Wizard is used to download a list of providers, and it allows users to publish content to the web. If you enable this setting, these tasks are removed from File and Folder Tasks in Windows folders. If you disable or do not configure this setting, the tasks will be shown.

  • Turn off Windows Online: Specifies whether users can see updated Help topics that Microsoft makes available across the Internet. If you turn off Windows Online, you also turn off Help Ratings and the Windows Customer Experience Improvement Program (which are dependent on the Windows Online policy setting).

  • Turn off the Windows Messenger Customer Experience Improvement Program: This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used. If you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown. If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown. If you do not configure this policy setting, users have the choice to opt in and allow information to be collected.