Save or just connect, but now you should utilize all your monitors. Use GPO to force use of XDDM rather than WDDM. Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled. Specifically, those with onboard + Nvidia Quadro cards. Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers. (Image-2) Version of WDDM of the GPU driver on The Windows System Back to the top Info: Show message when opening sites in Microsoft Edge using Enterprise Mode, Specify use of ActiveX Installer Service for installation of ActiveX controls, Turn off ability to pin sites in Internet Explorer on the desktop, Turn off add-on performance notifications, Turn off configuration of pop-up windows in tabbed browsing, Turn off Managing SmartScreen Filter for Internet Explorer 8, Turn off suggestions for all user-installed providers, Turn off the auto-complete feature for web addresses, Turn off the Security Settings Check feature, Automatic Maintenance Activation Boundary, Turn off Automatic Download and Update of Map Data, Turn off unsolicited network traffic on the Offline Maps settings page, Enable automatic MDM enrollment using default Azure AD credentials, Block all consumer Microsoft account user authentication, Display additional text to clients when they need to perform an action, Configure local setting override for reporting to Microsoft MAPS, Configure the 'Block at First Sight' feature, Send file samples when further analysis is required, Exclude files and paths from Attack Surface Reduction Rules, Prevent users and apps from accessing dangerous websites, Define the rate of detection events for logging, Specify additional definition sets for network traffic inspection, Configure local setting override for the removal of items from Quarantine folder, Configure removal of items from Quarantine folder, Configure local setting override for monitoring file and program activity on your computer, Configure local setting override for monitoring for incoming and outgoing file activity, Configure local setting override for scanning all downloaded files and attachments, Configure local setting override for turn on behavior monitoring, Configure local setting override to turn off Intrusion Prevention System, Configure local setting override to turn on real-time protection, Configure monitoring for incoming and outgoing file and program activity, Define the maximum size of downloaded files and attachments to be scanned, Monitor file and program activity on your computer, Scan all downloaded files and attachments, Turn on network protection against exploits of known vulnerabilities, Turn on process scanning whenever real-time protection is enabled, Configure local setting override for the time of day to run a scheduled full scan to complete remediation, Specify the day of the week to run a scheduled full scan to complete remediation, Specify the time of day to run a scheduled full scan to complete remediation, Configure time out for detections in critically failed state, Configure time out for detections in non-critical failed state, Configure time out for detections in recently remediated state, Configure time out for detections requiring additional action, Configure Windows software trace preprocessor components, Check for the latest virus and spyware security intelligence before running a scheduled scan, Configure local setting override for maximum percentage of CPU utilization, Configure local setting override for scheduled quick scan time, Configure local setting override for scheduled scan time, Configure local setting override for schedule scan day, Configure local setting override for the scan type to use for a scheduled scan, Configure low CPU priority for scheduled scans, Define the number of days after which a catch-up scan is forced, Specify the day of the week to run a scheduled scan, Specify the interval to run quick scans per day, Specify the maximum depth to scan archive files, Specify the maximum percentage of CPU utilization during a scan, Specify the maximum size of archive files to be scanned, Specify the scan type to use for a scheduled scan, Specify the time of day to run a scheduled scan, Start the scheduled scan only when computer is on but not in use, Turn on removal of items from scan history folder, Allow notifications to disable security intelligence based reports to Microsoft MAPS, Allow real-time security intelligence updates based on reports to Microsoft MAPS, Allow security intelligence updates from Microsoft Update, Allow security intelligence updates when running on battery power, Check for the latest virus and spyware security intelligence on startup, Define file shares for downloading security intelligence updates. XP Display Driver Model (XPDM or XDDM): XPDM drivers supply a user interface that visually resembles the Windows XP*/2000* user . Open Local Group Policy Editor Remove Default Programs link from the Start menu. If you have an RDP shortcut you use right click it and select edit, other wise when you open RDP click show options in the bottom left. Turn off the display of thumbnails and only display icons. To solve "Your Remote Desktop Service session has ended. This is a known Vista/Windows 7 limitation. Easy fix! Prevent users from adding files to the root of their Users Files folder. Share Improve this answer Follow answered Oct 4, 2019 at 16:32 Therefore, you won't see the GPU installed on your host PC in Device Manager or utilitize its performance. The Windows Display Driver Model (WDDM) requires that a graphics hardware vendor supply a paired user-mode display driver and kernel-mode display driver (or display miniport driver ). Right-click on the adapter and select " Update Driver ". By typing gpedit.msc in the Start menu or Run box (Win+R) Browse to: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment Find the item "Use WDDM graphics display driver for Remote Desktop Connections" and disable it. If you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. (found at Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment) This thread is locked. Set the policy named Use WDDM graphics display driver for Remote Desktop Connections to Enabled. Disable binding directly to IPropertySetStorage without intermediate layers. - Use WDDM graphics display driver for Remote Desktop Connections Background: PAM was experiencing slowness in opening RDP session for some Windows target device The issue was solved after turn off this group policy for Windows target device side. Disable the built-in graphics card will force the system to use a single card. The black screen issue has to do with a new RDP display driver (WDDM) used in 1903. If you have Windows 10 Pro, run gpedit.msc and navigate to the following: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment Set the Use WDDM graphics display driver for Remote Desktop Connections policy to Disabled The Windows Vista* operating system supports two driver models: WDDM: Drivers based on WDDM provide the 3D graphical Windows Aero* user interface experience. Use WDDM graphics display driver for Remote Desktop Connections to DISABLED This forces RDP to use the old (and now deprecated XDDM drivers) After rebooting, behaviour returns to normal and after disconnecting from an RDP session the RDP host (target machine) no longer shows DWM.EXE consuming CPU. Sign up for a free GitHub account to open an issue and contact its maintainers and the community. On the displayed panel, right-click the Use the hardware default graphics adapter for all Remote Desktop Services sessionsentry and then select Editfrom the displayed context menu. Configure telemetry opt-in change notifications. Step 3: Select the Disable device option from the context menu. For this change to take effect, you must restart Windows. Solution 5. If you enable or do not configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. In the VM, set a codec that is appropriate for the anticipated end-user workloads. On the left, click the Citrix VDA Non-Admin Users GPO to highlight it. Turn off the display of thumbnails and only display icons on network folders, Turn off Windows Libraries features that rely on indexed file data, Allow Windows Runtime apps to revoke enterprise data, Configure Traditional Chinese IME version, Do not include Non-Publishing Standard Glyph in the candidate list, Restrict character code range of conversion, Turn on misconversion logging for misconversion report, Custom Instant Search Internet search provider, File menu: Disable closing the browser and Explorer windows, File menu: Disable Save As menu option, File menu: Disable Save As Web Page Complete, Help menu: Remove 'For Netscape Users' menu option, Help menu: Remove 'Send Feedback' menu option, Help menu: Remove 'Tip of the Day' menu option, Tools menu: Disable Internet Options menu option, View menu: Disable Full Screen menu option, Hide the button (next to the New Tab button) that opens Microsoft Edge, Turn off details in messages about Internet connection problems, Start the Internet Connection Wizard automatically, Allow the display of image download placeholders, Turn on printing of background colors and images, Turn off inline AutoComplete in File Explorer, Prevent specifying the color of links that have already been clicked, Prevent specifying the color of links that have not yet been clicked, Disable adding schedules for offline pages, Disable channel user interface completely, Disable downloading of site subscription content, Disable editing and creating of schedule groups, Disable editing schedules for offline pages, Disable removing schedules for offline pages, File size limits for Restricted Sites zone, Turn off automatic download of the ActiveX VersionList, Disable customizing browser toolbar buttons, Disable changing Calendar and Contact settings, Disable changing Profile Assistant settings, Disable changing Temporary Internet files settings, Disable external branding of Internet Explorer, Display error message on proxy script download failure, Identity Manager: Prevent users from using Identities, Notify users if Internet Explorer is not the default web browser, Position the menu bar above the navigation bar, Search: Disable Find Files via F3 within the browser, Turn on the auto-complete feature for user names and passwords on forms, Use Automatic Detection for dial-up connections, Permit use of Applications preference extension, Permit use of Control Panel Settings (Computers), Permit use of Control Panel Settings (Users), Permit use of Data Sources preference extension, Permit use of Devices preference extension, Permit use of Drive Maps preference extension, Permit use of Environment preference extension, Permit use of Folder Options preference extension, Permit use of Folders preference extension, Permit use of Ini Files preference extension, Permit use of Internet Settings preference extension, Permit use of Local Users and Groups preference extension, Permit use of Network Options preference extension, Permit use of Network Shares preference extension, Permit use of Power Options preference extension, Permit use of Printers preference extension, Permit use of Regional Options preference extension, Permit use of Registry preference extension, Permit use of Scheduled Tasks preference extension, Permit use of Services preference extension, Permit use of Shortcuts preference extension, Permit use of Start Menu preference extension, Group Policy tab for Active Directory Tools, Restrict the user from entering author mode, Restrict users to the explicitly permitted list of snap-ins, Configure the inclusion of Microsoft Edge tabs into Alt-Tab, Prevent Application Sharing in true color, Prevent changing DirectSound Audio setting, Allow persisting automatic acceptance of Calls. The WDDM graphics display driver for Remote Desktop Connection which is enabled by default in Windows 10 v2004 and above needs to be disabled as it is not supported by the Citrix VDA. You are right - when I set the GPO "Use WDDM graphics display driver for Remote Desktop Connections -> Disable" it does fix the CPU issue and the freezing issue. Disconnecting from remote desktop session then causes hangs in OpenDL device enumeration. Use the Windows + R key and the dxdiag command, then press Enter to type and then press Enter to open the DirectX Diagnostic Tool. Limit Enhanced diagnostic data to the minimum required by Windows Analytics, Allow uploads while the device is on battery while under set Battery level (percentage), Delay Background download Cache Server fallback (in seconds), Delay background download from http (in secs), Delay Foreground download Cache Server fallback (in seconds), Delay Foreground download from http (in secs), Enable Peer Caching while the device connects via VPN, Maximum Background Download Bandwidth (in KB/s), Maximum Background Download Bandwidth (percentage), Maximum Foreground Download Bandwidth (in KB/s), Maximum Foreground Download Bandwidth (percentage), Minimum disk size allowed to use Peer Caching (in GB), Minimum Peer Caching Content File Size (in MB), Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB), Select a method to restrict Peer Selection, Set Business Hours to Limit Background Download Bandwidth, Set Business Hours to Limit Foreground Download Bandwidth. Click Apply, OK and close the Local Group Policy Editor. In this case, the Remote Desktop Connections will use XDDM graphics display driver. Not me though, I wanted to use WDDM drivers, but found it lead to frequent crashed Remote Desktop sessions on my Win 10 2004+ machines. Simple fix! Spice (1) flag Report. - go to Computer Configuration > Policies >Windows Settings >Administrative Templates >Windows Components >Remote Desktop Services >Remote Desktop Session Host >Remote Session Environment], - set the Policy [Use WDDM graphics display driver for Remote Desktop Connections] to Disabled. Configure additional sources for untrusted files in Windows Defender Application Guard. Step-By-Step Guide Step 1. Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time, Do not show the 'new application installed' notification. Do not allow compression on all NTFS volumes, Do not allow encryption on all NTFS volumes, Disable delete notifications on all volumes, Selectively allow the evaluation of a symbolic link, Redirect folders on primary computers only, Use localized subfolder names when redirecting Start Menu and My Documents, Configure Applications preference logging and tracing, Configure Data Sources preference logging and tracing, Configure Devices preference logging and tracing, Configure Drive Maps preference logging and tracing, Configure Environment preference logging and tracing, Configure Files preference logging and tracing, Configure Folder Options preference logging and tracing, Configure Folders preference logging and tracing, Configure Ini Files preference logging and tracing, Configure Internet Settings preference logging and tracing, Configure Local Users and Groups preference logging and tracing, Configure Network Options preference logging and tracing, Configure Network Shares preference logging and tracing, Configure Power Options preference logging and tracing, Configure Printers preference logging and tracing, Configure Regional Options preference logging and tracing, Configure Registry preference logging and tracing, Configure Scheduled Tasks preference logging and tracing, Configure Services preference logging and tracing, Configure Shortcuts preference logging and tracing, Configure Start Menu preference logging and tracing, Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services, Allow cross-forest user policy and roaming user profiles, Always use local ADM files for Group Policy Object Editor. go to " Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment " set the following parameters to Enabled Use hardware graphics adapters for all Remote Desktop Services sessions Another way to launch the device manager is by pressing Windows + R to launch the Run application and typing "devmgmt.msc". To create these display drivers, perform the following steps: Step 1: Learn about Windows architecture and drivers. In the main window, double-click Use WDDM graphics display driver for remote Desktop Connections. blank windows. Do not allow pinning programs to the Taskbar, Do not allow pinning Store app to the Taskbar, Do not allow taskbars on more than one display, Do not display any custom toolbars in the taskbar, Do not display or track items in Jump Lists from remote locations, Do not keep history of recently opened documents, Do not search programs and Control Panel items, Do not use the search-based method when resolving shell shortcuts, Do not use the tracking-based method when resolving shell shortcuts, Force Start to be either full screen size or menu size, Go to the desktop instead of Start when signing in, Gray unavailable Windows Installer programs Start Menu shortcuts, Prevent changes to Taskbar and Start Menu Settings, Prevent users from adding or removing toolbars, Prevent users from customizing their Start Screen, Prevent users from moving taskbar to another screen dock location, Prevent users from uninstalling applications from Start, Remove access to the context menus for the taskbar, Remove All Programs list from the Start menu, Remove Clock from the system notification area, Remove common program groups from Start Menu. Under the Experiences tab, uncheck Persistent bitmap caching and continue connecting. Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0. Allow Secure Boot for integrity validation, Choose how BitLocker-protected operating system drives can be recovered, Configure pre-boot recovery message and URL, Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2), Configure TPM platform validation profile for BIOS-based firmware configurations, Configure TPM platform validation profile for native UEFI firmware configurations, Configure use of hardware-based encryption for operating system drives, Configure use of passwords for operating system drives, Disallow standard users from changing the PIN or password, Enable use of BitLocker authentication requiring preboot keyboard input on slates, Enforce drive encryption type on operating system drives, Require additional authentication at startup (Windows Server 2008 and Windows Vista), Require additional authentication at startup, Reset platform validation data after BitLocker recovery, Use enhanced Boot Configuration Data validation profile, Allow access to BitLocker-protected removable data drives from earlier versions of Windows, Choose how BitLocker-protected removable drives can be recovered, Configure use of hardware-based encryption for removable data drives, Configure use of passwords for removable data drives, Configure use of smart cards on removable data drives, Control use of BitLocker on removable drives, Deny write access to removable drives not protected by BitLocker, Enforce drive encryption type on removable data drives, Choose default folder for recovery password, Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507]), Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later), Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2), Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista), Disable new DMA devices when this computer is locked, Provide the unique identifiers for your organization, Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista), Validate smart card certificate usage rule compliance, Do not display the password reveal button, Enumerate administrator accounts on elevation, Prevent the use of security questions for local accounts, Require trusted path for credential entry, Allow device name to be sent in Windows diagnostic data, Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service, Configure collection of browsing data for Desktop Analytics, Configure Connected User Experiences and Telemetry, Configure diagnostic data upload endpoint for Desktop Analytics. Double-click Use WDDM graphics display driver for Remote Desktop Connections (available for Windows 10 version 1903 and newer Windows versions). Ignore the default list of blocked TPM commands, Ignore the local list of blocked TPM commands, Standard User Individual Lockout Threshold, Turn on TPM backup to Active Directory Domain Services, Add the Administrators security group to roaming user profiles, Control slow network connection timeout for user profiles, Delete user profiles older than a specified number of days on system restart, Disable detection of slow network connections, Do not check for user ownership of Roaming Profile Folders, Do not forcefully unload the users registry at user logoff, Do not log users on with temporary profiles, Download roaming profiles on primary computers only, Leave Windows Installer and Group Policy Software Installation Data, Maximum retries to unload and update user profile, Prevent Roaming Profile changes from propagating to the server, Prompt user when a slow network connection is detected, Set maximum wait time for the network if a user has a roaming user profile or remote home directory, Set roaming profile path for all users logging onto this computer, Set the schedule for background upload of a roaming user profile's registry file while user is logged on, User management of sharing user name, account picture, and domain information with apps (not desktop apps), Specify Windows File Protection cache location, Activate Shutdown Event Tracker System State Data feature, Allow Distributed Link Tracking clients to use domain resources, Do not automatically encrypt files moved to encrypted folders, Do not display Manage Your Server page at logon. Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. Define security intelligence location for VDI clients. Use WDDM graphics display driver for Remote Desktop Connections to DISABLED . Go to Use WDDM graphics display driver for Remote Desktop Connections, double-click it and choose Disabled . If you are using Windows 10 pro v1909, disable 'Use WDDM graphics display driver for Remote Desktop Connection'. This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. Disable showing balloon notifications as toasts. - Use WDDM graphics display driver for Remote Desktop Connections Background: PAM was experiencing slowness in opening RDP session for some Windows target device The issue was solved after turn off this group policy for Windows target device side. Can confirm this works around the issue for me as well (only had to reconnect RDP, not reboot though). Click Display Make sure "Use all my monitory for the remote session" is checked. Then reboot! In the window that opens, select Disabled, and hit OK. Update configuration of group policies to apply new settings with the command: gpupdate /force. Step 6. Reboot your virtual machine. Turn on dynamic Content URI Rules for Windows store apps, Prevent backing up to optical media (CD/DVD), Prevent the user from running the Backup Status and Configuration program, Turn off the ability to back up data files, Turn off the ability to create a system image, Disallow locally attached storage as backup target, Allow domain users to log on using biometrics, Specify timeout for fast user switching events, Allow access to BitLocker-protected fixed data drives from earlier versions of Windows, Choose how BitLocker-protected fixed drives can be recovered, Configure use of hardware-based encryption for fixed data drives, Configure use of passwords for fixed data drives, Configure use of smart cards on fixed data drives, Deny write access to fixed drives not protected by BitLocker, Enforce drive encryption type on fixed data drives. For PDF files that have both landscape and portrait pages, print each in its own orientation. Environment Release : 3.3 Component : PRIVILEGED ACCESS MANAGEMENT Resolution There is no impact. Prioritize H.264/AVC 444 Graphics mode for Remote Desktop connections. In the Windows search box, type gpedit.msc, and press Enter. Configure the system to clear the TPM if it is not in a ready state. In Group Policy Editor under Remote Desktop Session Host -> Remote Session Environment . To do it, open the Local Group Policy Editor (gpedit.msc) and set Use WDDM graphics display driver for Remote Desktop Connections = Disabled in Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Remote Session Environment (or the same in the registry: reg add . Use WDDM graphics display driver for Remote Desktop Connections = Disabled. Right-click on Windows key and select Device Manager from the list of options available. Restrict unpacking and installation of gadgets that are not digitally signed. XPDM and WDDM display drivers cannot co-reside; all graphics adapters in a system must use the same display driver model. No side affects that I see. As the VDA cannot load the display driver, it would not be able to remote using HDX. For this, double the option, select ' Disable '. Computer Configuration > Administrative Templates >Windows Components > Remote Desktop Service Host > Remote Session Environment . Always prompt for password upon connection; Do not allow local administrators to customize permissions WDDM 1.2 compatible driver . * Right-click the current Graphics item in Device manager, and select "Update driver". The six solutions for the errors are presented in the following content, select the proper ones. [Computer Configuration->Policies->Windows Settings->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Remote Session Environment], set the Policy [Use WDDM graphics display driver for Remote Desktop Connections] to Disabled. Background Intelligent Transfer Service (BITS), Microsoft Peer-to-Peer Networking Services, Windows Resource Exhaustion Detection and Resolution, Windows Standby/Resume Performance Diagnostics, Windows System Responsiveness Performance Diagnostics, Periodic check for updates to Internet Explorer and Internet Tools, Microsoft Secondary Authentication Factor, Windows Customer Experience Improvement Program, Resultant Set of Policy snap-in extensions, Search in Group Policy Administrative Templates, Force a specific background and accent color, Force a specific default lock screen and logon image, Prevent changing lock screen and logon image, Allow users to enable online speech recognition services, Force selected system UI language to overwrite the user UI language, Restricts the UI language Windows uses for all logged users, Apply the default user logon picture to all users, Do not allow the BITS client to use Windows Branch Cache, Do not allow the computer to act as a BITS Peercaching client, Do not allow the computer to act as a BITS Peercaching server, Limit the age of files in the BITS Peercache, Limit the maximum network bandwidth for BITS background transfers, Limit the maximum network bandwidth used for Peercaching, Limit the maximum number of BITS jobs for each user, Limit the maximum number of BITS jobs for this computer, Limit the maximum number of files allowed in a BITS job, Limit the maximum number of ranges that can be added to the file in a BITS job, Set default download behavior for BITS jobs on costed networks, Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers, Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers, Configure Client BranchCache Version Support, Enable Automatic Hosted Cache Discovery by Service Connection Point, Set percentage of disk space used for client computer cache, Allow DNS suffix appending to unqualified multi-label name queries, Allow NetBT queries for fully qualified domain names, Prefer link local responses over DNS when received over a network with higher precedence, Register DNS records with connection-specific DNS suffix, Turn off smart multi-homed name resolution, Handle Caching on Continuous Availability Shares, Offline Files Availability on Continuous Availability Shares, Disable password strength validation for Peer Grouping, Turn off Microsoft Peer-to-Peer Networking Services, Windows Defender Firewall: Allow ICMP exceptions, Windows Defender Firewall: Allow inbound file and printer sharing exception, Windows Defender Firewall: Allow inbound remote administration exception, Windows Defender Firewall: Allow inbound Remote Desktop exceptions, Windows Defender Firewall: Allow inbound UPnP framework exceptions, Windows Defender Firewall: Allow local port exceptions, Windows Defender Firewall: Allow local program exceptions, Windows Defender Firewall: Define inbound port exceptions, Windows Defender Firewall: Define inbound program exceptions, Windows Defender Firewall: Do not allow exceptions, Windows Defender Firewall: Prohibit notifications, Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests, Windows Defender Firewall: Protect all network connections, Windows Defender Firewall: Allow authenticated IPsec bypass, Do not show the "local access only" network icon, Prohibit installation and configuration of Network Bridge on your DNS domain network, Prohibit use of Internet Connection Firewall on your DNS domain network, Prohibit use of Internet Connection Sharing on your DNS domain network, Require domain users to elevate when setting a network's location, Route all traffic through the internal network, Specify domain location determination URL, Domains categorized as both work and personal, Enterprise resource domains hosted in the cloud, Allow or Disallow use of the Offline Files feature, At logoff, delete local copy of user's offline files, Enable file synchronization on costed networks, Prohibit user configuration of Offline Files, Remove "Make Available Offline" for these files and folders, Specify administratively assigned Offline Files, Synchronize all offline files before logging off, Synchronize all offline files when logging on, Turn on economical application of administratively assigned Offline Files, Set IP Stateless Autoconfiguration Limits State, Disable power management in connected standby mode, Enable Windows to soft-disconnect a computer from a network, Minimize the number of simultaneous connections to the Internet or a Windows Domain, Prohibit connection to non-domain networks when connected to domain authenticated network, Prohibit connection to roaming Mobile Broadband networks, Configuration of wireless settings using Windows Connect Now, Prohibit access of the Windows Connect Now wizards, Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services, Set Per-App Cellular Access UI Visibility, Sets how often a DFS Client discovers DC's, Add Printer wizard - Network scan page (Managed network), Add Printer wizard - Network scan page (Unmanaged network), Allow Print Spooler to accept client connections, Always rasterize content to be printed using a software rasterizer, Automatically publish new printers in Active Directory, Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps), Custom support URL in the Printers folder's left pane, Disallow installation of printers using kernel-mode drivers, Do not allow v4 printer drivers to show printer extensions, Enable Device Control Printing Restrictions, Execute print drivers in isolated processes, Extend Point and Print connection to search Windows Update, Limits print driver installation to Administrators, List of Approved USB-connected print devices, Override print driver execution compatibility setting reported by print driver, Package Point and print - Approved servers, Pre-populate printer search location text, Prune printers that are not automatically republished, Remove "Recently added" list from Start Menu, Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands, Customize message for Access Denied errors, Enable access-denied assistance on client for all file types, Microsoft Customer Experience Improvement Program (CEIP), Enable automatic cleanup of unused appv packages, Enable background sync to server when on battery power, Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection, Specify what to load in background (aka AutoLoad), Include command line in process creation events, Allow delegating default credentials with NTLM-only server authentication, Allow delegating fresh credentials with NTLM-only server authentication, Allow delegating saved credentials with NTLM-only server authentication, Remote host allows delegation of non-exportable credentials, Restrict delegation of credentials to remote servers, Deploy Windows Defender Application Control, Enable Device Health Attestation Monitoring and Reporting, Allow administrators to override Device Installation Restriction policies, Allow installation of devices that match any of these device IDs, Allow installation of devices that match any of these device instance IDs, Allow installation of devices using drivers that match these device setup classes, Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria, Display a custom message title when device installation is prevented by a policy setting, Display a custom message when installation is prevented by a policy setting, Prevent installation of devices not described by other policy settings, Prevent installation of devices that match any of these device IDs, Prevent installation of devices that match any of these device instance IDs, Prevent installation of devices using drivers that match these device setup classes, Prevent installation of removable devices, Time (in seconds) to force reboot when required for policy changes to take effect, Allow remote access to the Plug and Play interface, Do not send a Windows error report when a generic driver is installed on a device, Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point, Prevent device metadata retrieval from the Internet, Prevent Windows from sending an error report when a device driver requests additional software during installation, Prioritize all digitally signed drivers equally during the driver ranking and selection process, Specify search order for device driver source locations, Specify the search server for device driver updates, Turn off "Found New Hardware" balloons during device installation, Prevent redirection of devices that match any of these device Ids, Log event when quota warning level exceeded, Configure Per-Process System DPI settings, Allow local activation security check exemptions, Define Activation Security Check exemptions, Allow non-administrators to install drivers for these device setup classes, Turn off Windows Update device driver search prompt, Allow only USB root hub connected Enhanced Storage devices, Configure list of Enhanced Storage devices usable on your computer, Configure list of IEEE 1667 silos usable on your computer, Do not allow non-Enhanced Storage removable devices, Do not allow password authentication of Enhanced Storage devices, Do not allow Windows to activate Enhanced Storage devices, Lock Enhanced Storage when the computer is locked, File Classification Infrastructure: Display Classification tab in File Explorer, File Classification Infrastructure: Specify classification properties list, Configure maximum age of file server shadow copies.