Correctional Officer Williams 60 Days In, Articles U

Environment Release : 3.3 Component : PRIVILEGED ACCESS MANAGEMENT Resolution There is no impact.. The black screen issue has to do with a new RDP display driver (WDDM) used in 1903. Prioritize H.264/AVC 444 Graphics mode for Remote Desktop connections. No side affects that I see. This is the new best answer. Remove "Map Network Drive" and "Disconnect Network Drive", Remove File Explorer's default context menu, Remove the Search the Internet "Search again" link, Remove UI to change keyboard navigation indicator setting, Remove UI to change menu animation setting, Request credentials for network installations, Turn off common control and window animations, Turn off display of recent search entries in the File Explorer search box, Turn off the caching of thumbnails in hidden thumbs.db files, Turn off the display of snippets in Content view mode. The Primary Machine is a Windows PC, laptop or Surface Pro tablet. [Computer Configuration->Policies->Windows Settings->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Remote Session Environment], set the Policy [Use WDDM graphics display driver for Remote Desktop Connections] to Disabled. Check the status of RDP Services in Services (I don't remember the exact error message.) The Windows Display Driver Model (WDDM) requires that a graphics hardware vendor supply a paired user-mode display driver and kernel-mode display driver (or display miniport driver ). Save or just connect, but now you should utilize all your monitors. set "Use WDDM graphics display driver for Remote Desktop Connections" to disabled Steps: - Disable the policy described above - Restart host computer (one you're remoting into) - re-connect via remote desktop - re-arrange desktop windows - disconnect - re-connect to test and verify nothing has been compacted back to primary monitor. For this, double the option, select ' Disable '. Easy fix! Hide the TPM Firmware Update recommendation. Configure Applications preference extension policy processing, Configure Data Sources preference extension policy processing, Configure Devices preference extension policy processing, Configure Direct Access connections as a fast network connection, Configure Drive Maps preference extension policy processing, Configure Environment preference extension policy processing, Configure Files preference extension policy processing, Configure Folder Options preference extension policy processing, Configure folder redirection policy processing, Configure Folders preference extension policy processing, Configure Group Policy slow link detection, Configure Ini Files preference extension policy processing, Configure Internet Explorer Maintenance policy processing, Configure Internet Settings preference extension policy processing, Configure Local Users and Groups preference extension policy processing, Configure Network Options preference extension policy processing, Configure Network Shares preference extension policy processing, Configure Power Options preference extension policy processing, Configure Printers preference extension policy processing, Configure Regional Options preference extension policy processing, Configure Registry preference extension policy processing, Configure Scheduled Tasks preference extension policy processing, Configure Services preference extension policy processing, Configure Shortcuts preference extension policy processing, Configure software Installation policy processing, Configure Start Menu preference extension policy processing, Configure user Group Policy loopback processing mode, Configure web-to-app linking with app URI handlers, Determine if interactive users can generate Resultant Set of Policy data, Enable AD/DFS domain controller synchronization during policy refresh, Remove users' ability to invoke machine policy refresh, Set Group Policy refresh interval for computers, Set Group Policy refresh interval for domain controllers, Specify startup policy processing wait time, Specify workplace connectivity wait time for policy processing, Turn off background refresh of Group Policy, Turn off Group Policy Client Service AOAC optimization, Turn off Local Group Policy Objects processing, Turn off access to all Windows Update features, Turn off Automatic Root Certificates Update, Turn off downloading of print drivers over HTTP, Turn off handwriting personalization data sharing, Turn off handwriting recognition error reporting, Turn off Help and Support Center "Did you know?" From what I understand, it isn't just the display adapter that causes the issue with affected chipsets, so putting a new video card in the machine or using a generic driver won't help (and it didn't for me). For PDF files that have both landscape and portrait pages, print each in its own orientation. Remove Default Programs link from the Start menu. If you have Windows 10 Pro, run gpedit.msc and navigate to the following: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment Set the Use WDDM graphics display driver for Remote Desktop Connections policy to Disabled Configure the system to clear the TPM if it is not in a ready state. Find your Citrix Admins group, and click OK. Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Step 6. Share Improve this answer Follow answered Oct 4, 2019 at 16:32 Facebook Twitter LinkedIn To create these display drivers, perform the following steps: Step 1: Learn about Windows architecture and drivers. set the policy "Use WDDM graphics display driver for Remote Desktop Connections" to DISABLED. The problem is that Vic-3D 9 requires OpenGL 2.0 and the normal Remote Desktop graphics adapter supplies 1.1. . blank windows. Ignore the default list of blocked TPM commands, Ignore the local list of blocked TPM commands, Standard User Individual Lockout Threshold, Turn on TPM backup to Active Directory Domain Services, Add the Administrators security group to roaming user profiles, Control slow network connection timeout for user profiles, Delete user profiles older than a specified number of days on system restart, Disable detection of slow network connections, Do not check for user ownership of Roaming Profile Folders, Do not forcefully unload the users registry at user logoff, Do not log users on with temporary profiles, Download roaming profiles on primary computers only, Leave Windows Installer and Group Policy Software Installation Data, Maximum retries to unload and update user profile, Prevent Roaming Profile changes from propagating to the server, Prompt user when a slow network connection is detected, Set maximum wait time for the network if a user has a roaming user profile or remote home directory, Set roaming profile path for all users logging onto this computer, Set the schedule for background upload of a roaming user profile's registry file while user is logged on, User management of sharing user name, account picture, and domain information with apps (not desktop apps), Specify Windows File Protection cache location, Activate Shutdown Event Tracker System State Data feature, Allow Distributed Link Tracking clients to use domain resources, Do not automatically encrypt files moved to encrypted folders, Do not display Manage Your Server page at logon. When the Optiplex is the client in a remote desktop session and the host executes a restart, after . Turn off storage and display of search history, Prevent removable media source for any installation, Specify the order in which Windows Installer searches for installation files, Set action to take when logon hours expire, Prevent CD and DVD Media Information Retrieval, Prevent Music File Media Information Retrieval, Enables the use of Token Broker for AD FS authentication, SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. The Windows Vista* operating system supports two driver models: WDDM: Drivers based on WDDM provide the 3D graphical Windows Aero* user interface experience. Then navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment. Spice (1) flag Report. Use the branch: Computer Configuration->Policies->Windows Settings->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Remote Session Environment, set the Policy Use WDDM graphics display driver for Remote Desktop Connections to Disabled. As the VDA cannot load the display driver, it would not be able to remote using HDX. On the displayed panel, right-click the Use the hardware default graphics adapter for all Remote Desktop Services sessionsentry and then select Editfrom the displayed context menu. Can confirm this works around the issue for me as well (only had to reconnect RDP, not reboot though). Simple fix! Another user connected to ", you can go to way 6 to check login log. Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers. Register domain joined computers as devices, Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager, Control Event Log behavior when the log file reaches its maximum size, Events.asp program command line parameters, Hide previous versions list for local files, Hide previous versions list for remote files, Hide previous versions of files on backup location, Prevent restoring local previous versions, Prevent restoring previous versions from backups, Prevent restoring remote previous versions, Allow the use of remote paths in file shortcut icons. "Use WDDM graphics display driver for Remote Desktop . To do it, open the Local Group Policy Editor (gpedit.msc) and set Use WDDM graphics display driver for Remote Desktop Connections = Disabled in Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Remote Session Environment (or the same in the registry: reg add . In the main window, double-click Use WDDM graphics display driver for remote Desktop Connections. By typing gpedit.msc in the Start menu or Run box (Win+R) Browse to: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment Find the item "Use WDDM graphics display driver for Remote Desktop Connections" and disable it. XPDM and WDDM display drivers cannot co-reside; all graphics adapters in a system must use the same display driver model. Configure additional sources for untrusted files in Windows Defender Application Guard. To delegate administration of this GPO to Citrix Admins: On the right, switch to the Delegation tab, and click Add. Computer Configuration > Administrative Templates >Windows Components > Remote Desktop Service Host > Remote Session Environment . Step 1: Select an appropriate GPU optimized Azure virtual machine size Click on the "Display" tab and look to the right under " Driver Model" under the Driver group box. Enable dragging of content from different domains across windows, Enable dragging of content from different domains within a window, Include local path when user is uploading files to a server, Initialize and script ActiveX controls not marked as safe, Launching applications and files in an IFRAME, Navigate windows and frames across different domains, Run .NET Framework-reliant components not signed with Authenticode, Run .NET Framework-reliant components signed with Authenticode, Script ActiveX controls marked safe for scripting, Show security warning for potentially unsafe files, Web sites in less privileged Web content zones can navigate into this zone, Intranet Sites: Include all local (intranet) sites not listed in other zones, Intranet Sites: Include all network paths (UNCs), Intranet Sites: Include all sites that bypass the proxy server, Locked-Down Restricted Sites Zone Template, Turn on certificate address mismatch warning, Turn on Notification bar notification for intranet content, Go to an intranet site for a one-word entry in the Address bar, Allow Internet Explorer to play media files that use alternative codecs, Prevent configuration of search on Address bar, Prevent configuration of top-result search on Address bar, Prevent specifying cipher strength update information URLs, Prevent changing the URL for checking updates to Internet Explorer and Internet Tools, Prevent specifying the update check interval (in days), Open Internet Explorer tiles on the desktop, Set how links are opened in Internet Explorer, Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts, Turn off collection of InPrivate Filtering data, Deny all add-ons unless specifically allowed in the Add-on List, Remove "Run this time" button for outdated ActiveX controls in Internet Explorer, Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects, Turn off blocking of outdated ActiveX controls for Internet Explorer, Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains, Turn on ActiveX control logging in Internet Explorer, Change the maximum number of connections per host (HTTP 1.1), Maximum number of connections per server (HTTP 1.0), Set the maximum number of WebSocket connections per server, Install binaries signed by MD2 and MD4 signing technologies, Restricted Sites Zone Restricted Protocols, Allow fallback to SSL 3.0 (Internet Explorer), Do not display the reveal password button, Lock location of Stop and Refresh buttons, Add a specific list of search providers to the user's list of search providers, Allow "Save Target As" in Internet Explorer mode, Allow Internet Explorer 8 shutdown behavior, Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar, Automatically activate newly installed add-ons, Configure which channel of Microsoft Edge to use for opening redirected sites, Disable Automatic Install of Internet Explorer components, Disable changing Automatic Configuration settings, Disable changing secondary home page settings, Disable Internet Explorer 11 as a standalone browser, Disable Periodic Check for Internet Explorer software updates, Disable software update shell notifications on program launch, Do not allow users to enable or disable add-ons, Enable extended hot keys in Internet Explorer mode, Install new versions of Internet Explorer automatically, Keep all intranet sites in Internet Explorer, Let users turn on and use Enterprise Mode from the Tools menu, Make proxy settings per-machine (rather than per-user), Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet, Prevent bypassing SmartScreen Filter warnings, Prevent changing the default search provider, Prevent configuration of how windows open, Prevent configuration of new tab creation, Prevent Internet Explorer Search box from appearing, Prevent participation in the Customer Experience Improvement Program, Prevent per-user installation of ActiveX controls, Reset zoom to default for HTML dialogs in Internet Explorer mode, Restrict search providers to a specific list, Security Zones: Do not allow users to add/delete sites, Security Zones: Do not allow users to change policies, Security Zones: Use only machine settings. Use WDDM graphics display driver for Remote Desktop Connections = Disabled. Send all sites not included in the Enterprise Mode Site List to Microsoft Edge. In this case, the Remote Desktop Connections will use XDDM graphics display driver. If you enable or do not configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. - go to Computer Configuration > Policies >Windows Settings >Administrative Templates >Windows Components >Remote Desktop Services >Remote Desktop Session Host >Remote Session Environment], - set the Policy [Use WDDM graphics display driver for Remote Desktop Connections] to Disabled. Show message when opening sites in Microsoft Edge using Enterprise Mode, Specify use of ActiveX Installer Service for installation of ActiveX controls, Turn off ability to pin sites in Internet Explorer on the desktop, Turn off add-on performance notifications, Turn off configuration of pop-up windows in tabbed browsing, Turn off Managing SmartScreen Filter for Internet Explorer 8, Turn off suggestions for all user-installed providers, Turn off the auto-complete feature for web addresses, Turn off the Security Settings Check feature, Automatic Maintenance Activation Boundary, Turn off Automatic Download and Update of Map Data, Turn off unsolicited network traffic on the Offline Maps settings page, Enable automatic MDM enrollment using default Azure AD credentials, Block all consumer Microsoft account user authentication, Display additional text to clients when they need to perform an action, Configure local setting override for reporting to Microsoft MAPS, Configure the 'Block at First Sight' feature, Send file samples when further analysis is required, Exclude files and paths from Attack Surface Reduction Rules, Prevent users and apps from accessing dangerous websites, Define the rate of detection events for logging, Specify additional definition sets for network traffic inspection, Configure local setting override for the removal of items from Quarantine folder, Configure removal of items from Quarantine folder, Configure local setting override for monitoring file and program activity on your computer, Configure local setting override for monitoring for incoming and outgoing file activity, Configure local setting override for scanning all downloaded files and attachments, Configure local setting override for turn on behavior monitoring, Configure local setting override to turn off Intrusion Prevention System, Configure local setting override to turn on real-time protection, Configure monitoring for incoming and outgoing file and program activity, Define the maximum size of downloaded files and attachments to be scanned, Monitor file and program activity on your computer, Scan all downloaded files and attachments, Turn on network protection against exploits of known vulnerabilities, Turn on process scanning whenever real-time protection is enabled, Configure local setting override for the time of day to run a scheduled full scan to complete remediation, Specify the day of the week to run a scheduled full scan to complete remediation, Specify the time of day to run a scheduled full scan to complete remediation, Configure time out for detections in critically failed state, Configure time out for detections in non-critical failed state, Configure time out for detections in recently remediated state, Configure time out for detections requiring additional action, Configure Windows software trace preprocessor components, Check for the latest virus and spyware security intelligence before running a scheduled scan, Configure local setting override for maximum percentage of CPU utilization, Configure local setting override for scheduled quick scan time, Configure local setting override for scheduled scan time, Configure local setting override for schedule scan day, Configure local setting override for the scan type to use for a scheduled scan, Configure low CPU priority for scheduled scans, Define the number of days after which a catch-up scan is forced, Specify the day of the week to run a scheduled scan, Specify the interval to run quick scans per day, Specify the maximum depth to scan archive files, Specify the maximum percentage of CPU utilization during a scan, Specify the maximum size of archive files to be scanned, Specify the scan type to use for a scheduled scan, Specify the time of day to run a scheduled scan, Start the scheduled scan only when computer is on but not in use, Turn on removal of items from scan history folder, Allow notifications to disable security intelligence based reports to Microsoft MAPS, Allow real-time security intelligence updates based on reports to Microsoft MAPS, Allow security intelligence updates from Microsoft Update, Allow security intelligence updates when running on battery power, Check for the latest virus and spyware security intelligence on startup, Define file shares for downloading security intelligence updates. Do not allow compression on all NTFS volumes, Do not allow encryption on all NTFS volumes, Disable delete notifications on all volumes, Selectively allow the evaluation of a symbolic link, Redirect folders on primary computers only, Use localized subfolder names when redirecting Start Menu and My Documents, Configure Applications preference logging and tracing, Configure Data Sources preference logging and tracing, Configure Devices preference logging and tracing, Configure Drive Maps preference logging and tracing, Configure Environment preference logging and tracing, Configure Files preference logging and tracing, Configure Folder Options preference logging and tracing, Configure Folders preference logging and tracing, Configure Ini Files preference logging and tracing, Configure Internet Settings preference logging and tracing, Configure Local Users and Groups preference logging and tracing, Configure Network Options preference logging and tracing, Configure Network Shares preference logging and tracing, Configure Power Options preference logging and tracing, Configure Printers preference logging and tracing, Configure Regional Options preference logging and tracing, Configure Registry preference logging and tracing, Configure Scheduled Tasks preference logging and tracing, Configure Services preference logging and tracing, Configure Shortcuts preference logging and tracing, Configure Start Menu preference logging and tracing, Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services, Allow cross-forest user policy and roaming user profiles, Always use local ADM files for Group Policy Object Editor. Block launching desktop apps associated with a URI scheme. Keep favorites in sync between Internet Explorer and Microsoft Edge, Prevent access to the about:flags page in Microsoft Edge, Prevent bypassing Windows Defender SmartScreen prompts for files, Prevent bypassing Windows Defender SmartScreen prompts for sites, Prevent changes to Favorites on Microsoft Edge, Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start, Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed, Prevent the First Run webpage from opening on Microsoft Edge, Prevent using Localhost IP address for WebRTC, Send all intranet sites to Internet Explorer 11, Show message when opening sites in Internet Explorer, Suppress the display of Edge Deprecation Notification, Allow companion device for secondary authentication, Microsoft Office 365 SharePoint Designer 2013, Ping the settings storage location before sync, Sync settings over metered connections even when roaming, Use User Experience Virtualization (UE-V), Prevent OneDrive files from syncing over metered connections, Prevent OneDrive from generating network traffic until the user signs in to OneDrive, Prevent the usage of OneDrive for file storage, Prevent the usage of OneDrive for file storage on Windows 8.1, Don't launch privacy settings experience on user logon, Make Parental Controls control panel visible on a Domain, Allow hibernate (S4) when starting from a Windows To Go workspace, Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace, Allow RDP redirection of other supported RemoteFX USB devices from this computer, Allow .rdp files from valid publishers and user's default .rdp settings, Configure server authentication for client, Do not allow hardware accelerated decoding, Prompt for credentials on the client computer, Specify SHA1 thumbprints of certificates representing trusted .rdp publishers, Do not use Remote Desktop Session Host server IP address when virtual IP address is not available, Select the network adapter to be used for Remote Desktop IP Virtualization, Turn off Windows Installer RDS Compatibility, Allow users to connect remotely by using Remote Desktop Services, Deny logoff of an administrator logged in to the console session, Restrict Remote Desktop Services users to a single Remote Desktop Services session, Set rules for remote control of Remote Desktop Services user sessions, Suspend user sign-in to complete app registration, Allow audio and video playback redirection, Do not allow smart card device redirection, Do not allow supported Plug and Play device redirection, Hide notifications about RD Licensing problems that affect the RD Session Host server, Use the specified Remote Desktop license servers, Do not set default client printer to be default printer in a session, Specify RD Session Host server fallback printer driver behavior, Use Remote Desktop Easy Print printer driver first, Limit the size of the entire roaming user profile cache, Set path for Remote Desktop Services Roaming User Profile, Set Remote Desktop Services User Home Directory, Use mandatory profiles on the RD Session Host server, Configure RD Connection Broker server name, Optimize visual experience for Remote Desktop Service Sessions, Optimize visual experience when using RemoteFX, Allow desktop composition for remote desktop sessions, Configure H.264/AVC hardware encoding for Remote Desktop Connections, Configure image quality for RemoteFX Adaptive Graphics, Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1, Enforce Removal of Remote Desktop Wallpaper, Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections, Remove "Disconnect" option from Shut Down dialog, Remove Windows Security item from Start menu, Use advanced RemoteFX graphics for RemoteApp, Use hardware graphics adapters for all Remote Desktop Services sessions, Use the hardware default graphics adapter for all Remote Desktop Services sessions, Use WDDM graphics display driver for Remote Desktop Connections, Always prompt for password upon connection, Do not allow local administrators to customize permissions, Require use of specific security layer for remote (RDP) connections, Require user authentication for remote connections by using Network Level Authentication, Server authentication certificate template, Set time limit for active but idle Remote Desktop Services sessions, Set time limit for active Remote Desktop Services sessions, Set time limit for logoff of RemoteApp sessions, Prevent automatic discovery of feeds and Web Slices, Prevent subscribing to or deleting a feed or a Web Slice, Turn off background synchronization for feeds and Web Slices, Turn on Basic feed authentication over HTTP, Force TIFF IFilter to perform OCR for every page in a TIFF document, Allow Cortana Page in OOBE on an AAD account, Always use automatic language detection when indexing content and properties, Don't search the web or display web results in Search, Don't search the web or display web results in Search over metered connections, Do not allow locations on removable drives to be added to libraries, Enable indexing of online delegate mailboxes, Enable indexing uncached Exchange folders, Enable throttling for online mail indexing, Prevent adding UNC locations to index from Control Panel, Prevent adding user-specified locations to the All Locations menu, Prevent automatically adding shared folders to the Windows Search index, Prevent clients from querying the index remotely, Prevent customization of indexed locations in Control Panel, Prevent indexing files in offline files cache, Prevent indexing Microsoft Office Outlook, Prevent indexing when running on battery power to conserve energy, Prevent the display of advanced indexing options for Windows Search in the Control Panel, Prevent unwanted iFilters and protocol handlers, Set large or small icon view in desktop search results, Stop indexing in the event of limited hard drive space, Turn on Security Center (Domain PCs only), Timeout for hung logon sessions during shutdown, Turn off legacy remote shutdown interface, Allow certificates with no extended key usage certificate attribute, Allow ECC certificates to be used for logon and authentication, Allow Integrated Unblock screen to be displayed at the time of logon, Display string when smart card is blocked, Force the reading of all certificates from the smart card, Notify user of successful smart card driver installation, Prevent plaintext PINs from being returned by Credential Manager, Reverse the subject name stored in a certificate when displaying, Turn on certificate propagation from smart card, Turn on root certificate propagation from smart card, Control Device Reactivation for Retail devices, Turn off KMS Client Online AVS Validation, Only display the private store within the Microsoft Store, Turn off Automatic Download and Install of updates, Turn off Automatic Download of updates on Win8 machines, Turn off the offer to update to the latest version of Windows, Do not allow printing to Journal Note Writer, For tablet pen input, don't show the Input Panel icon, For touch input, don't show the Input Panel icon, Include rarely used Chinese, Kanji, or Hanja characters, Turn off AutoComplete integration with Input Panel, Turn off password security in Input Panel, Turn off tolerant and Z-shaped scratch-out gestures, Hide Advanced Properties Checkbox in Add Scheduled Task Wizard, Allow uninstallation of language features when a language is uninstalled, Prohibit installing or uninstalling color profiles, Allow Corporate redirection of Customer Experience Improvement uploads, Tag Windows Customer Experience Improvement data with Study Identifier, Configure Corporate Windows Error Reporting, List of applications to always report errors for, List of applications to never report errors for, Automatically send memory dumps for OS-generated error reports, Prevent display of the user interface for critical errors, Send additional data when on battery power, Send data when on connected to a restricted/costed network, Enables or disables Windows Game Recording and Broadcasting, Allow enumeration of emulated smart card for all users, Use certificate for on-premises authentication, Use cloud trust for on-premises authentication, Use Windows Hello for Business certificates as smart card certificates, Allow suggested apps in Windows Ink Workspace, Allow users to browse for source while elevated, Allow users to use media source while elevated, Control maximum size of baseline file cache, Prevent Internet Explorer security prompt for Windows Installer scripts, Prevent users from using Windows Installer to install updates and upgrades, Prohibit non-administrators from applying vendor signed updates, Save copies of transform files in a secure location on workstation, Specify the types of events Windows Installer records in its transaction log, Turn off creation of System Restore checkpoints, Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot, Disable or enable software Secure Attention Sequence, Display information about previous logons during user logon, Report when logon server was not available during user logon, Sign-in and lock last interactive user automatically after a restart, Prevent Windows Media DRM Internet Access, Prevent Quick Launch Toolbar Shortcut Creation, Do not automatically start Windows Messenger initially, Set the default source path for Update-Help, Allow remote server management through WinRM, Disallow WinRM from storing RunAs credentials, Specify channel binding token hardening level, Specify maximum amount of memory in MB per Shell, Specify maximum number of processes per Shell, Specify maximum number of remote shells per user, Hide the Device performance and health area, Hide the Security processor (TPM) troubleshooter page.