Appendix C: Group Policy Settings Listed Under the Internet Communication Management Category in Windows 7 and Windows Server 2008 R2
Applies To: Windows 7, Windows Server 2008 R2
In this appendix
Overview of Group Policy settings listed under the Internet Communication Management category
Controlling multiple Group Policy settings through the Restrict Internet Communications setting
Group Policy settings that affect computer configuration
Group Policy settings that affect user configuration
Overview of Group Policy settings listed under the Internet Communication Management category
Windows® 7 and Windows Server® 2008 R2 contain a variety of Group Policy settings that can help you control the way that operating system features communicate across the Internet. This appendix describes the Group Policy settings that are presented under the Internet Communication Management category. It also describes how the Restrict Internet communication setting controls multiple other policy settings.
Important
The Restrict Internet communication policy setting controls the policy settings under Internet Communication Management only. In this document, when there is a procedure about a policy setting that is controlled by Restrict Internet communication, a note after the procedure describes the control relationship.
You can find Internet Communication Management in the following two locations in the Group Policy Management Console:
In Computer Configuration under Policies (if present), in Administrative Templates\System.
In User Configuration, under Policies (if present), in Administrative Templates\System.
For information about using the Group Policy Management Console (GPMC), see Appendix B: Resources for Learning About Group Policy for Windows 7 and Windows Server 2008 R2.
Controlling multiple Group Policy settings through the Restrict Internet Communications setting
There are multiple ways to configure the Group Policy settings under Internet Communication Management in Windows 7 and Windows Server 2008 R2. You can configure policy settings individually, which means you could configure, for example, Turn off Event Viewer "Events.asp" links differently from Turn off Windows Error Reporting. Alternatively, the policy setting called Restrict Internet communication allows you to enable or disable the entire collection of policy settings at one time.
If you want to enable or disable Restrict Internet communication and then create exceptions to this master policy setting by configuring individual policy settings in Internet Communication Management, you must use two Group Policy objects (GPOs).
Before you begin, ensure that you understand how processing and precedence works for multiple GPOs (for more information, see Help in the Group Policy Management Console (GPMC). Choose or create a GPO with a lower precedence than another GPO. In the GPO with lower precedence, enable or disable Restrict Internet communication. Then, in the GPO that has precedence, apply the individual policy settings that are exceptions to the master policy setting.
If you do not use two GPOs when you set Restrict Internet communication and the individual policy settings that are exceptions to the master policy setting, the policy settings might not work as expected. To check the effect of multiple Group Policy settings, you can view Group Policy Results in the GPMC.
For more information, see Group Policy processing and precedence on the Microsoft® Web site.
Group Policy settings that affect computer configuration
This subsection describes the Group policy settings that are under Computer Configuration in Internet Communication Management. (The policy settings under User Configuration are described later in this appendix.) These policy settings apply to all users of an affected computer, and they come into effect when the computer starts or when Group Policy is refreshed.
These policy settings are located in Computer Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management\Internet Communication settings.
All of the policy settings can be enabled or disabled in one step by enabling or disabling the master policy setting that controls them, Restrict Internet communication. This policy setting is located in Computer Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management, and it is described in Controlling multiple Group Policy settings through the Restrict Internet Communications setting earlier in this section.
Note
This appendix describes only the policy settings that are available under Internet Communication Management. For information about all the Group Policy settings that are available in Windows 7 and Windows Server 2008 R2, see the Group Policy Settings Reference on the Microsoft Web site.
Individual Group Policy settings that affect computer configuration for Windows Server 2008 R2
Note
The Restrict Internet communication policy setting interacts with all of the policy settings in the following list.
The following list describes the Computer configuration policy settings. More details about each policy setting are available in the Explain text for the policy setting. To view Explain text, select the policy setting in Group Policy and click the Extended tab, or open the policy setting and click the Explain tab.
Turn off access to all Windows Update features: Specifies whether Windows Update can be used to update the operating system on this computer.
This policy setting is described in the Windows Update and Resulting Internet Communication in Windows Server 2008 section in this document.
Turn off Automatic Root Certificates Update: Specifies whether to automatically update root certificates by using the list of trusted certification authorities that Microsoft maintains on the Windows Update Web site. If you enable this policy setting, when a user is presented with a certificate that is issued by an untrusted root authority, the user's computer will not contact the Windows Update Web site.
Turn off downloading of print drivers over HTTP: Specifies whether to allow this computer to download print drivers over HTTP when needed.
This policy setting and other policy settings related to Internet printing are described in the Internet Printing and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off Event Viewer "Events.asp" links: Specifies whether the Internet links that are shown within events in Event Viewer are activated. When such a link is activated and the user clicks it, information that identifies the event is sent to a Microsoft Web site so that explanatory text, if available, can be sent back to the user.
This policy setting and the information that is sent and received when an Event Viewer link is clicked are described in the Event Viewer and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off handwriting personalization data sharing: Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.
If you enable this policy, Tablet PC users cannot choose to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.
Turn off handwriting recognition error reporting: Specifies whether users can report errors that they encounter in the Tablet PC Input Panel. This policy setting is related to the policy setting Turn off Windows Error Reporting. If you turn off Windows Error Reporting, you are also turning off error reporting for handwriting recognition.
This policy setting is also described in Windows Error Reporting and the Problem Reports and Solutions Feature in Windows 7 and Windows Server 2008 R2 in this document.
Turn off Help and Support Center "Did you know?" content: This policy setting does not affect Windows 7 and Windows Server 2008 R2. For a similar policy setting that affects Windows 7 and Windows Server 2008 R2, see Turn off Windows Online in Group Policy settings that affect user configuration later in this section.
Turn off Help and Support Center Microsoft Knowledge Base search: This policy setting does not affect Windows 7 and Windows Server 2008 R2. For a similar policy setting that affects Windows 7 and Windows Server 2008 R2, see Turn off Windows Online in Group Policy settings that affect user configuration later in this section.
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com: This policy setting does not affect Windows 7 and Windows Server 2008 R2.
Turn off Internet download for Web publishing and online ordering wizards: Specifies whether Windows should download a list of providers for the Order Prints Wizard. By default, Windows displays providers that are downloaded from a Windows Web site in addition to providers that are specified in the registry.
If you enable this policy setting, Windows will not download providers and only the service providers that are stored in the local registry are displayed. When Windows 7 is installed but the Order Prints Wizard has not been used, no service providers are stored in the local registry. If this Group Policy setting is applied at that time, the wizard will not display links to service providers.
This policy has an effect in Windows Server 2008 R2 only if the Desktop Experience is installed. This policy setting is also described in Appendix J: Wizards in Windows 7 and Windows Server 2008 R2 Related to Connecting to the Internet in this document.
Turn off Internet File Association service: Specifies whether to use the Web-based File Association service or whether to use only locally stored information about file name extensions and file types. It also specifies the applications or features to use when opening a particular file type. The file association Web service is used only when a user tries to open a file and there is no locally stored information about the file name extension.
This policy setting is also described in the File Association Web Service and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off printing over HTTP: Specifies whether to allow printing over HTTP from this computer. Note that this policy setting does not control whether the computer can act as an Internet print server.
This policy setting and other policy settings related to Internet printing are described in the Internet Printing and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off Registration if URL connection is referring to Microsoft.com: This policy setting does not affect Windows 7 and Windows Server 2008 R2.
Turn off Search Companion content file updates: This policy setting does not affect Windows 7 and Windows Server 2008 R2.
Turn off the "Order Prints" picture task: Specifies whether the Order Prints Wizard can be run from Windows Photo Gallery.
This policy has an effect in Windows Server 2008 R2 only if the Desktop Experience is installed. This policy setting is also described in Appendix J: Wizards in Windows 7 and Windows Server 2008 R2 Related to Connecting to the Internet in this document.
Turn off the "Publish to Web" task for files and folders: This policy setting does not affect Windows 7 and Windows Server 2008 R2.
Turn off the Windows Messenger Customer Experience Improvement Program: This policy setting does not affect Windows 7 and Windows Server 2008 R2.
Turn off Windows Customer Experience Improvement Program: Specifies whether to opt users out of Windows Customer Experience Improvement Program. If you enable this policy setting, all users are opted out of Windows Customer Experience Improvement Program.
This policy setting is also described in the Windows Customer Experience Improvement Program and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
This policy setting and root certificate updates are described in the Certificate Support and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off Windows Error Reporting: Specifies whether error reports from a system or application that has stopped responding are sent to Microsoft. Error reports are used to improve the quality of the product. This policy setting overrides any user setting that is made from the Control Panel for error reporting.
This policy setting and other ways of controlling error reporting through Group Policy are described in the Windows Error Reporting and the Problem Reports and Solutions Feature in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off Windows Network Connectivity Status Indicator active tests: Prevents Network Connectivity Status Indicator (NCSI) from performing a network connectivity test that involves attempting to make a connection across the Internet. For more information about NCSI, see Appendix H: Network Connectivity Status Indicator and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2.
Turn off Windows Update device driver searching: Specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.
This policy setting is described in the Device Manager, Hardware Wizards, and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off Windows Movie Maker automatic codec downloads: This policy setting does not affect Windows 7 and Windows Server 2008 R2.
Group Policy settings that affect user configuration
This subsection describes the policy settings under User Configuration in Internet Communication Management. These policy settings apply to the individual user, and they come into effect when the user logs on or when Group Policy is refreshed.
These policy settings are located in User Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management\Internet Communication settings.
All of the policy settings can be enabled or disabled in one step by enabling or disabling the master policy setting that controls them, Restrict Internet communication. This policy setting is located in User Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management, and it is described in Controlling multiple Group Policy settings through the Restrict Internet Communications setting earlier in this section.
Note
This appendix describes only the policy settings available under Internet Communication Management. For information about all the Group Policy settings that are available in Windows 7 and Windows Server 2008 R2, see the Group Policy Settings Reference on the Microsoft Web site.
Group Policy settings that affect user configuration in Windows 7 and Windows Server 2008 R2
Note
The Restrict Internet communication policy setting interacts with all of the policy settings in the following list.
The following list represents the user configuration policy settings under Internet Communication Management that affect Windows 7 and Windows Server 2008 R2. You can also select the policy setting in Group Policy and click the Extended tab, or open the policy setting and click the Explain tab.
Turn off downloading of print drivers over HTTP: Specifies whether to allow this computer to download print drivers over HTTP when needed.
This policy setting and other policy settings that are related to Internet printing are described in the Internet Printing and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off handwriting personalization data sharing: Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.
If you enable this policy, Tablet PC users cannot choose to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.
Turn off handwriting recognition error reporting: Specifies whether users can report errors that they encounter in the Tablet PC Input Panel. This policy setting is related to Turn off Windows Error Reporting, which is described in Individual Group Policy settings that affect computer configuration for Windows Server 2008 R2 earlier in this appendix. If you turn off Windows Error Reporting, you are also turning off error reporting for handwriting recognition.
This policy setting is also described in the Windows Error Reporting and the Problem Reports and Solutions Feature in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off Help Experience Improvement Program: Specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. If this setting is enabled, this policy prevents users from participating in the Help Experience Improvement program. If this setting is disabled or not configured, users will be able to turn on the Help Experience Improvement program feature from the Help and Support settings page.
Turn off Help Ratings: Specifies whether, when Online Help is turned on, a user can enter feedback into a form at the bottom of a Help topic, and then send that feedback back to Microsoft.
This policy setting is also described in Help and Support Features that Communicate Through the Internet in Windows 7 and Windows Server 2008 R2 in this document.
Turn off Internet download for Web publishing and online ordering wizards: Specifies whether Windows should download a list of providers for the Order Prints Wizard. By default, Windows displays providers that are downloaded from a Windows Web site in addition to providers that are specified in the registry.
If you enable this policy setting, Windows will not download providers and only the service providers that are stored in the local registry are displayed. When Windows 7 is installed but the Order Prints Wizard has not been used, no service providers are stored in the local registry. If this Group Policy setting is applied at that time, the wizard will not display links to service providers.
This setting affects users on Windows Server 2008 R2 only if the Desktop Experience is installed. This policy setting is also described in Appendix J: Wizards in Windows 7 and Windows Server 2008 R2 Related to Connecting to the Internet in this document.
Turn off Internet File Association service: Specifies whether to use the Web-based File Association service or whether to use only locally stored information about file name extensions and file types. It also specifies the applications or features to use when opening a particular file type. The file association Web service is used only when a user tries to open a file and there is no locally stored information about the file name extension.
This policy setting is also described in the File Association Web Service and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off printing over HTTP: Specifies whether to allow printing over HTTP for this user. This policy setting does not control whether the computer can act as an Internet print server.
This policy setting and other policy settings that are related to Internet printing are described in the Internet Printing and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 section in this document.
Turn off the "Order Prints" picture task: Specifies whether the Order Prints Wizard can be run from Windows Photo Gallery.
This setting affects users on Windows Server 2008 R2 only if the Desktop Experience is installed. This policy setting is also described in Appendix J: Wizards in Windows 7 and Windows Server 2008 R2 Related to Connecting to the Internet in this document.
Turn off the “Publish to Web” task for files and folders: Specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web," are available from File and Folder Tasks in Windows folders. The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the Web. If you enable this setting, these tasks are removed from the File and Folder tasks in Windows folders. If you disable or do not configure this setting, the tasks will be shown.
Turn off the Windows Messenger Customer Experience Improvement Program: Specifies whether Windows Messenger collects statistical information about how Windows Messenger software and service is used. With the Customer Experience Improvement program, users can allow Microsoft to collect information about how the product is used. This information is used to improve the product in future releases.
If you enable this setting, Windows Messenger will not collect usage information and the user settings to enable the collection of usage information will not be shown. If you disable this setting, Windows Messenger will collect usage information and the setting will not be shown. If you do not configure this setting, users will have the choice to opt-in and allow information to be collected.
Windows Messenger is not included in Windows 7 and Windows Server 2008 R2.
Turn off Windows Online: Specifies whether users can see updated Help topics that Microsoft makes available across the Internet. If you turn off Windows Online, you also turn off Help Ratings and the Windows Customer Experience Improvement Program (which are dependent on the Windows Online policy setting).
This policy setting is also described in Help and Support Features that Communicate Through the Internet in Windows 7 and Windows Server 2008 R2 in this document.