Internet Communication Management Policy Settings

  • Article

SP2 provides new Group Policy settings, which are designed primarily to control the way in which components in Windows XP with SP2 communicate with the Internet. These settings are in the Administrative Templates\System\Internet Communication Management node in Group Policy Object Editor. Many of these settings are available in both Computer Configuration and User Configuration. The settings in Computer Configuration apply to all users of a computer running Windows XP with SP2 and come into effect when the computer starts, and the settings in User Configuration affect individual users and are applied when the users log on.

You can use the policy settings in Internet Communication Management to manage various tasks that involve the exchange of information between computers in their organization and the Internet. For example, you can use Internet Communication policy settings to manage tasks such as preventing computers from connecting to the Internet to obtain device drivers, controlling the flow of information to the Internet from the file association Web service, redirecting the requests that result from users clicking links in Event Viewer to a Web server in your organization, and so on. In some cases such as highly managed environments, you might want to redirect users to an internal server in their network to accomplish some of these tasks rather than allowing users to connect to the Internet.

All policy settings provide informational text which you can view in Group Policy Object Editor by selecting the policy setting and opening the setting and clicking the Explain tab, or by clicking the Extended tab.

~note.gif  Note
This white paper focuses only on the Group Policy settings for managing communications between computers and the Internet. For detailed information about the various technologies involved and to learn about alternate methods for managing Internet communication settings, see the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Bb457143.3squares(en-us,TechNet.10).gif

On This Page

Using One Policy Setting to Control All Internet Communication Management Policy Settings
Managing the Online Print, Web Publishing, and Add Network Place Wizards
Disabling Information Collection by Windows Messenger
Controlling the Behavior of Help and Support Center
Controlling Windows Error Reporting
Managing File Association Web Service
Preventing Internet Connection Wizard from Connecting to Microsoft
Managing the Display of Internet Links in Event Viewer
Managing Automatic Updates of Root Certificates
Controlling the Windows Registration Wizard
Controlling the Search Companion Feature
Controlling Printing over HTTP
Managing Windows Update Searches Related to the Plug and Play Feature
Managing Windows Movie Maker Features

Using One Policy Setting to Control All Internet Communication Management Policy Settings

You can enable one policy setting to configure all Internet Communication Management policy settings.

Restrict Internet communication

The Restrict Internet communication policy setting controls Windows components that can access the Internet to accomplish tasks which require Internet resources. If you enable this setting, all the policy settings in the Internet Communication settings node are set to Enabled. This policy setting affects only the components managed by policy settings in the Internet Communication settings node of Group Policy Object Editor; the policy settings are described in the subsections that follow.

It is recommended that you configure the Restrict Internet communication policy setting in a separate GPO from any GPOs in which you configure the individual policy settings in the Internet Communication settings node. This approach allows you to provide stronger security for the computers in your organization.

For example, as a general rule, you might want to create highly restricted (locked-down) Group Policy configurations for your workstations to prevent Windows from communicating with the Internet to accomplish tasks related to all the Internet Communication Management policy settings. To do this, you can enable the Restrict Internet communication policy setting in a GPO and link that GPO to the target groups of computers and users.

If necessary, you can create separate GPOs to configure individual Internet Communication Management policy settings for users that might require access to some of the tasks controlled by these policy settings. You can then scope the application of the GPO by using security group filtering, and by using Group Policy options such as Enforced (previously known as No Override) or Block Inheritance to ensure that the policy settings are correctly applied to the target users and computers.

For more information about Group Policy processing and precedence, see the “Group Policy Infrastructure” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=14950, and see the Group Policy Management Console Help.

~note.gif  Note
If you view Restrict Internet communication and it is set as Not Configured, and you have configured individual Internet communication settings that you do not want to change, do not click Apply. If you click Apply, the Not Configured setting is applied to all the individual settings controlled by the Restrict Internet communication policy setting. That is, all settings contained in the Restrict Internet communication node are set as Not Configured.

Managing the Online Print, Web Publishing, and Add Network Place Wizards

In Windows XP with SP2, users can click tasks in Windows Explorer to run several wizards to perform tasks such as ordering picture prints online (Online Print Wizard), signing up for a service that offers online storage space (Add Network Place Wizard), or publishing files that can be viewed in a browser (Web Publishing Wizard). These wizards present the user with one or more service providers from which to request the online service. The task or wizard obtains the names and URLs of these service providers from two sources: a list stored locally (in the registry) and a list stored on a Microsoft Web site. By default, Windows displays providers from a list on the Microsoft Web site in addition to providers listed in the registry.

You can use the following Group Policy settings to control the way in which these wizards and tasks work and to control the way in which these components communicate with the Internet:

  • Turn off the "Publish to Web" task for files and folders. This policy setting specifies whether the tasks for publishing items to the Web are available from File and Folder Tasks in Windows folders. The Web publishing tasks are Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web.

  • Turn off Internet download for Web publishing and online ordering wizards. This policy setting specifies whether Windows should download a list of providers for the Web Publishing Wizard, the Add Network Place Wizard, and the Online Print Wizard. By default, Windows displays providers downloaded from a Windows Web site in addition to providers specified in the registry.

  • Turn off the "Order Prints" picture task. This policy setting specifies whether the Order Prints Online task is available from Picture Tasks in Windows folders. This setting disables the Online Print Ordering Wizard.

These policy settings are available for both User and Computer Configuration.

For more information about controlling the use of the Add Network Place Wizard and the Web Publishing Wizard, see “Appendix G: Add Network Place Wizard and Web Publishing Wizard” of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Disabling Information Collection by Windows Messenger

With the Microsoft Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases. You can use Group Policy to prevent Windows Messenger from collecting usage information and to hide the user settings to enable the collection of usage information.

To control whether Windows Messenger collects usage information, you can use the Turn off the Windows Messenger Customer Experience Improvement Program policy setting. This policy setting is available for both User and Computer Configuration policy settings.

For more information about managing Windows Messenger, see the “Windows Messenger” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet,” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Controlling the Behavior of Help and Support Center

Help and Support is a Help portal that is included in Windows Millennium Edition and in all versions of Windows XP, including Windows XP Professional with SP2, and Windows Server 2003. SP2 provides new policy settings that you can use for configuring the Did you know? and Online Search areas of Help and Support.

  • Turn off Help and Support Center "Did you know?" content. This policy setting specifies whether to show the Did you know? section of Help and Support Center. By default, this content is dynamically updated when users are connected to the Internet and open Help and Support Center. When you enable this policy setting, Help and Support Center does not retrieve or display Did you know? content; enabling the policy removes the Did you know? section.

    ~note.gif  Note
    The content in the Did you know? section remains static indefinitely without an Internet connection, therefore, you might want to enable this setting for users who do not have Internet access. Enabling this policy setting prevents the Did you know? section from displaying.

  • Turn off Help and Support Center Microsoft Knowledge Base search. This policy setting specifies whether users can perform a Microsoft Knowledge Base search from Help and Support Center. Enabling this setting removes the Knowledge Base section from the Help and Support Center Set search options page and only the Help content on the local computer is searched.

For more information about the Headlines and Online Search features in Help and Support Center, see the “Help and Support Center: The Headlines and Online Search Features” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Controlling Windows Error Reporting

The Windows Error Reporting feature in Windows XP with SP2 provides functionality that allows Microsoft to gather and analyze data from errors related to the operating system, Windows components, and applications. Windows Error Reporting gives users the opportunity to send data about errors to Microsoft and to receive back information about them that might prevent the issues from occurring again. Microsoft developers use Windows Error Reporting data to address the top customer issues in a timely manner and to improve the quality of Microsoft products.

When users send error reports to Microsoft, Microsoft might respond with information to users such as a fix, a workaround, or a link to a Web site for updated drivers, patches, or Microsoft Knowledge Base articles if the information is available.

In Windows XP with SP2, error reporting is enabled by default and users can choose to report errors to Microsoft. When an error occurs, a dialog box is displayed allowing the user to report the problem. When a user chooses to report the problem, technical information about the problem is collected and then sent to Microsoft over the Internet. No information is sent unless the user confirms that the error report is to be sent to Microsoft. A user who is logged on as an administrator can choose to report system and application errors; a user who is not logged on as an administrator can choose to report application errors.

Users with administrative credentials can configure or disable error reporting by using Control Panel\System\Advanced tab. Users can configure error reporting to send specified information such as system errors (Stop errors) only, or errors for Windows components, such as Windows Explorer or Microsoft Internet Explorer. Users can also send information for applications, such as Microsoft Word.

Since error reporting is a valuable service, it is recommended that you do not disable it, but that you control what information is reported and where it is sent. For an organization where privacy is a concern, the IT department can use the Corporate Error Reporting tool for reviewing and filtering error reports before they are sent to Microsoft. The Corporate Error Reporting (CER) 2.0 tool allows You to manage error reports and error messages created by the Windows® Error Reporting client (WER) in Windows XP and Windows Server 2003™ and error-reporting clients (ER) included in other Microsoft programs. If error-reporting clients are configured to work with CER 2.0, error reports are redirected to a secure CER shared directory instead of being sent to Microsoft.

For more information about the Microsoft Corporate Error Reporting tool, see “Corporate Error Reporting” on the Microsoft Corporate Reporting Web site at https://go.microsoft.com/fwlink/?LinkId=15195.

Although it is not recommended, you can completely disable error reporting on client computers by using Group Policy. You can use the Turn off Windows Error Reporting Group Policy setting to control Windows Error Reporting to prevent the flow of information to and from the Internet.

Turn off Windows Error Reporting

This policy setting specifies whether Windows Error Reporting information can be sent to Microsoft. This setting overrides any user setting made from Control Panel for error reporting. If you enable this setting, users are not be given the option to report errors. Typically, this is not recommended.

Two related policy settings are available in Computer Configuration\Administrative Templates\System\Error Reporting which might affect this policy setting, Configure Error Reporting and Display Error Notification.

  • Configure Error Reporting. This policy setting specifies how errors are reported and what information is sent when Error Reporting is enabled.

    This policy setting does not enable or disable error reporting, to do so, use the Turn off Windows Error Reporting policy in Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings.

    If you enable the Configure Error Reporting policy setting, it overrides any settings made by using Control Panel for error reporting, and default values are used for any error reporting policies that are not configured (even if settings were adjusted by using Control Panel).

  • Display Error Notification. This policy setting controls whether or not a user is given the choice to report an error. When you enable Display Error Notification, the user is notified that an error has occurred and is given access to details about the error.

For more information about the Windows Error Reporting feature, see the “Windows Error Reporting” section of the "Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet,” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Managing File Association Web Service

The file association Web service in Windows XP with SP2 extends the scope of information stored locally by the operating system about file name extensions, file types, and the applications or components to use when opening a particular file type. The operating system first checks for the file association information locally. If no local information is available about the file name extension and its associated file type, the operating system offers the user the option of looking for more information on a Microsoft Web site.

You can prevent the file association Web service by using the Turn off Internet File Association service Group Policy setting in SP2. This policy setting is available for both User and Computer Configuration.

For more detailed information about managing the File Association Web service, see the “File Association Web Service” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Preventing Internet Connection Wizard from Connecting to Microsoft

In Windows XP with SP2 you use the New Connection Wizard to create Internet and other types of network connections for home and small office networks. The New Connection Wizard starts the Internet Connection Wizard, which you use to create a connection to the Internet.

You can control how users can use the Internet Connection Wizard by configuring the Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com policy setting. This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).

Outlook Express also starts the Internet Connection Wizard if a user takes actions to set up a mail account or a newsgroup account. You can prevent the Internet Connection Wizard from running, by using the Don't run specified Windows applications policy setting to prevent Outlook Express from running. The Don't run specified Windows applications policy setting, in User Configuration\Administrative Templates\System, prevents Windows from running the programs you specify.

For information about alternate methods to prevent access to Outlook Express and for detailed information about managing Internet Connection Wizard, see the “Outlook Express 6”and “Appendix I: New Connection Wizard and Internet Connection Wizard” sections of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Users can access event logs for the computer to which they are currently logged on through Control Panel\Administrative Tools\Event Viewer. The user can obtain detailed information about a particular event by either double-clicking the event or selecting the event and clicking Properties on the Action menu. The Properties dialog box provides a description of the event, which can contain one or more links to Help.

Links can either be to Microsoft servers or to servers managed by the software vendor for the component that generated the event. On computers running Windows XP with SP2, most events that originate from Microsoft products have standard text containing a URL at the end of the description.

When users click the link, they are asked to confirm that the information presented to them can be sent over the Internet. If the user clicks Yes, the information listed is sent to the Web site named in the link. The parameters in the original URL are replaced by a standard list of parameters whose contents are detailed in the confirmation dialog box.

To access the relevant Help information provided by the link in the Event Properties dialog box, the user must send the information listed about the event. The collected data is confined to what is required to retrieve more information about the event from the Microsoft Knowledge Base. User names and e-mail addresses, names of files unrelated to the logged event, computer addresses, and any other forms of personally identifiable information are not collected.

You might want to prevent users from sending information over the Internet through this link and accessing a Web site. Alternatively, you might want to redirect the requests that result from users clicking links in Event Viewer so that the requests go to a Web server in your organization. In Windows XP with SP2, you can manage either of these options by using Group Policy. These policy settings include: Turn off Event Viewer "Events.asp" links, Events.asp URL, Events.asp program, and Events.asp program command line parameters.

For more information about preventing the flow of information to and from the Internet through Event Viewer, see the “Event Viewer” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Managing Automatic Updates of Root Certificates

The Update Root Certificates is an optional component in Windows XP with SP2, which is designed to automatically check the list of trusted authorities on the Windows Update Web site when this check is required by a user’s application. Specifically, if the application is presented with a certificate issued by a certification authority that is not directly trusted, the Update Root Certificates component (if present) contacts the Windows Update Web site to determine if Microsoft has added the certification authority to its list of trusted authorities. If the certification authority has been added to the Microsoft list of trusted authorities, its certificate is automatically added to the trusted certificate store on the user’s computer.

Preventing the Flow of Information to and from the Internet by the Update Root Certificates Component

To prevent the Update Root Certificates component in Windows XP with SP2 from communicating automatically with the Windows Update Web site, you can disable this component by using the Turn off Automatic Root Certificates Update Group Policy setting. This policy setting specifies whether to automatically update root certificates using the list of trusted certification authorities that Microsoft maintains on the Windows Update Web site.

For more information about certificates and the Update Root Certificates component, see the “Certificate Support and the Update Root Certificates Component” section of the "Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Controlling the Windows Registration Wizard

Product registration involves the provision of personally identifiable information, such as an e-mail address, to Microsoft for the purpose of receiving information about product updates and special offers. Registration is usually done on a per-product basis and is not required.

In a managed environment, you might want to prevent users from registering the product with Microsoft. You can configure Group Policy to prevent online registration with Microsoft by using the Turn off Registration if URL connection is referring to Microsoft.com policy setting.

For detailed information about product activation and registration and the Windows Registration Wizard, see the “Activation and Registration Associated with a New Installation or an Upgrade” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Controlling the Search Companion Feature

Search Companion in Windows XP with SP2 improves the search process by consolidating search tasks, optimizing searches for the most common scenarios, and offering suggestions for refining the search.

In a managed environment, you can disable the Search Companion Web service by preventing Search Companion from checking for and downloading updated versions of the XML files that it uses. To do this, you can enable the Turn off Search Companion content file updates policy setting.

For more information about the Search Companion feature, see the “Controlling Search Companion to Prevent the Flow of Information to and from the Internet” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Controlling Printing over HTTP

Computers running Windows XP with SP2 can use Internet printing to print to printers located anywhere in the world by sending print jobs using HTTP.

Computers running Windows XP can also use Internet Information Services (IIS) or a Web peer server to create a Web page that provides information about printers as well as the transport for printing over the Internet.

SP2 provides new Group Policy settings to restrict communications between computers in your organization and the Internet by controlling Internet printing. You can use these policies to manage the following tasks for client computers:

  • Turn off printing over HTTP to disable Internet printing on computers running Windows XP.

  • Turn off downloading of print drivers over HTTP to prevent the downloading of print drivers over HTTP on computers running Windows XP.

Web-based Printing

To disable Internet printing on computers that are running IIS, in Computer Configuration\Administrative Templates\Printers, select the Web-based Printing policy setting, and select Disabled.

For more information about Internet printing, and the use of IIS in a controlled environment, see the “Internet Printing” and the “Internet Information Services in Windows XP SP2” sections of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

For detailed information about the Internet Printing Protocol (IPP), and planning, deploying and managing Windows print servers, see the “Effectively Using IPP Printing” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29131.

Windows Plug and Play provides ease of support for installing devices on computers in your network. You can simply plug in a Plug and Play device and Windows does the rest by searching locally for the driver and prompting to find out whether to also search Windows Update, installing the driver, updating the system, and allocating resources. After you install a Plug and Play device, the driver is configured and loaded dynamically, typically without requiring user input.

The Plug and Play feature is built into Windows XP and is always available. When a user who is logged on as an administrator installs a Plug and Play device, if a driver is not found or if only a non-digitally signed driver is found, Windows XP first searches locally for an appropriate device driver. If the computer is connected to the Internet, Windows XP with SP2 prompts the user to find out whether to also search Windows Update for the latest device driver. If a signed driver is found, Windows XP with SP2 does not search Windows Update.

As an IT administrator in a highly-managed network environment, you might want to control whether Windows XP with SP2 searches the Windows Update Web site for the latest device driver, and if so, whether the person installing or updating the device is prompted before the Internet search begins. You can control both of these options by using Group Policy. By default, Windows XP with SP2 prompts users about whether to search Windows Update for drivers, unless an administrator made an explicit choice about whether to search Windows Update. See “Controlling Automatic Updates of Device Drivers through Windows Update.”

There are also policy settings that you can use to disable any access to Windows Update. If you do prevent access to Windows Update, there is the option for manually downloading the updates from the Windows Update Catalog, whereby they can be distributed on your organization's network as needed.

Using Group Policy to disable access to Windows Update as a search location for device drivers, and to configure driver search locations, is described next.

Controlling Automatic Updates of Device Drivers through Windows Update

Windows automatically updates device drivers using Plug and Play. Therefore, you might want to exercise various levels of control over the ability of a user who logs on to a client computer as an administrator to install new hardware and to update hardware devices and drivers.

When you install new hardware, Windows XP searches for drivers in the %Windir%\Inf directory of the local hard drive first. If a driver is not found, the Found New Hardware wizard appears and Windows XP searches the floppy drive, the CD drive, and prompts to search Windows Update. By using Group Policy, you can control whether to access Windows Update when Windows XP searches for drivers.

You can use Group Policy to configure the driver search locations to:

  • Control whether Windows Update is included when Plug and Play searches for a device driver. To do this, use the Turn off Windows Update device driver searching policy setting.

  • Suppress the prompt that is displayed by default before Plug and Play begins searching the Windows Update Web site for a device driver. To do this, use the Turn off Windows Update device driver search prompt policy setting.

  • Turn off all access to Windows Update. To do this, you can use the Turn off access to all Windows Update features policy setting. If you turn off all access to Windows Update, it also means Plug and Play cannot search Windows Update.

For more information about controlling access to Windows Update and for alternative approaches to updating software such as Software Update Services, see the “Windows Update and Automatic Updates” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Turn off Windows Update device driver searching

This policy specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. If you set this setting to Enabled, Windows Update is not searched when a new device is installed. This policy setting is in Computer Configuration\Administrative Templates\Internet Communication Management\Internet Communication settings.

If you set Turn off Windows Update device driver searching to Disabled, and if no local device driver is found, Windows Update is searched. If this policy setting is set to Not Configured (default), users are prompted before searching Windows Update for device drivers.

~note.gif  Note
There is a related policy setting called Turn off Windows Update device driver search prompt in Computer Configuration\Administrative Templates\System; this policy specifies whether the administrator is prompted about going to Windows Update to search for device drivers using the Internet. The Turn off Windows Update device driver search prompt policy setting has effect only if the associated Turn off Windows Update device driver searching policy setting is set as either Disabled or Not Configured, both of which allow searching Windows Update.

Turn off Windows Update device driver search prompt

This policy setting specifies whether you are prompted about going to Windows Update to search for device drivers using the Internet. If this setting is set to Enabled, the prompt that is normally displayed before Windows Update is searched for a device driver is suppressed. This policy setting is in both Computer Configuration and User Configuration in the Administrative Templates\System node.

~note.gif  Note
This setting has effect only if the associated Turn off Windows Update device driver searching policy setting in Administrative Templates\System\Internet Communication Management\Internet Communication settings is set to either Disabled or Not Configured, both of which allow searching Windows Update.
If the Turn off Windows Update device driver search prompt policy setting is set to Disabled or Not Configured and Turn off Windows Update device driver searching is also set to either Disabled or Not Configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers.

Turn off access to all Windows Update features

This policy setting specifies whether Windows Update features can be used on this computer.

For more detailed information about using Plug and Play in a managed environment, searching of Windows Update for device drivers, and managing the Windows Update features, see the “Plug and Play,” “Device Manager and Hardware Wizards,” and “Windows Update and Automatic Updates” sections of the Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

Managing Windows Movie Maker Features

Windows Movie Maker allows users to bring together video, audio, and other multimedia content, then arrange and edit the content to create a finished movie. After creating the movie, users can save it on a hard disk, CD, or DVD, send it in an e-mail, or send it to a video hosting provider on the Web. These tasks are kept simple with an interface based mostly on drag-and-drop and on short lists of tasks from which to choose.

Windows Movie Maker can display links to Web sites, such as a link to a potential video hosting provider, and can automatically download missing codecs for audio and video files. (A codec—compressor/decompressor—is software that compresses or decompresses audio or video data.)

In a managed environment, you can use Group Policy to manage the following aspects of Windows Movie Maker:

You can prevent users from running Windows Movie Maker. For example, you can prevent users from running Movie Maker to edit their home movies on their corporate computers. To do this, use the Do not allow Windows Movie Maker to run policy setting.

You can control whether Windows Movie Maker can do the following:

  • Automatically download codecs. You can enable a policy setting to prevent Movie Maker from automatically downloading and installing supplemental video and audio decoders. To do this, use the Turn off Windows Movie Maker automatic codec downloads policy setting.

  • Display links to Web sites. For example, you can use a policy setting to prevent Movie Maker from linking to Internet Web pages to provide additional Help information and to prevent users from viewing the Movie Maker privacy statement. To manage this, use the Turn off Windows Movie Maker online Web links policy setting.

  • Save movies to an online video hosting provider. For example, you can enable a policy setting to prevent their employees from uploading their edited movies to a video hosting provider. To do this, use the Turn off Windows Movie Maker saving to online video hosting provider policy setting.

For more detailed information about managing Windows Movie Maker features, see the “Windows Movie Maker” section of the “Using Windows XP Professional with Service Pack 2 in a Managed Environment: Controlling Communication with the Internet” white paper on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=29133.

For more information about Windows Movie Maker, see the online Help in Windows Movie Maker, or see “Create Home Movies with Windows Movie Maker” on the Microsoft Web site at: https://go.microsoft.com/fwlink/?LinkId=26240.