Customizing the Microsoft Management Console 03-2007.doc
Page 1 of 43
Copyright © 2005 Curators of the University of Missouri
Customizing the Microsoft Management Console
There are many reasons that you may want to create a customized Microsoft
Management Console (MMC). We will be looking at some of the reasons and showing
examples of how to create specific consoles to perform tasks. By using custom consoles
we can streamline the repetitive tasks we perform every day. We can also create a
custom MMC to run on desktops as a means of increasing security.
What are the requirments?
Windows XP and higher
Windows Server 2003 Service Pack 1 Administration Tools Pack (Requires
XP/2003)
I will be using Windows XP-SP2 and the Windows 2003 Admin pack for all the
examples and instructions in this document. The items discussed in this document are
pertinent to Windows 2000/2003/XP.
In this document we will look at several ways to customize the console and reasons why
we would do this.
Goal:
Install the Windows Adminpak
Open a MMC console
Add/Remove Snap-In
Customize the Console
Customizing the Microsoft Management Console 03-2007.doc
Page 2 of 43
Copyright © 2005 Curators of the University of Missouri
Below is a list of Snap-in’s that are available by default in Windows XP and then what is
available after installing the adminpak:
Pre-Adminpak
Post-Adminpak
.NET Framework 1.1 Configuration
.NET Framework 1.1 Configuration
ActiveX Control
Active Directory Domains and Trusts
Certificates
Active Directory Schema
Component Services
Active Directory Sites and Services
Computer Management
Active Directory Users and Computers
Device Manager
ActiveX Control
Disk Defragmenter
Authorization Manager
Disk Management
Certificate Templates
Event Viewer
Certificates
Folder
Certification Authority
Group Policy Object Editor
Component Services
Indexing Service
Computer Management
IP Security Monitor
Device Manager
IP Security Policy Management
DHCP
Link to Web Address
Disk Defragmenter
Local Users and Groups
Disk Management
Performance Logs and Alerts
Distributed File System
Removable Storage Management
DNS
Resultant Set of Policies
Event Viewer
Security Configuration and Analysis
Folder
Security Templates
Group Policy Management
Services
Group Policy Object Editor
Shared Folders
Indexing Service
WMI Control
IP Security Monitor
IP Security Policy Management
Link to Web Address
Local Users and Groups
Performance Logs and Alerts
Print Management
Remote Desktops
Remote Storage
Removable Storage Management
Resultant Set of Policies
Security Configuration and Analysis
Security Templates
Services
Shared Folders
Telephony
UDDI Services
WINS
WMI Control
IIS Snap-in is installed on Windows XP from Add/Remove programs
Exchange tools are located on the Exchange CD
Customizing the Microsoft Management Console 03-2007.doc
Page 3 of 43
Copyright © 2005 Curators of the University of Missouri
By default, there are tools such as the Remote Administration snap-in that is not available
on workstations and is not listed when you click ‘Add snap-in’ on the file menu. In order
to gain access to these tools you must install the adminpak on all systems that require
access to specific services such as Active Directory Users and Computers, DNS etc.
You do NOT need to load this on systems that are using the MMC as a program launcher.
All 2000/XP systems have the MMC modules loaded for basic system management.
Windows 2003 SP1 Adminpak (Windows XP compatible) download at:
http://www.microsoft.com/downloads/details.aspx?familyid=E487F885-F0C7-436A-
A392-25793A25BAD7&displaylang=en
Windows 2000:
The adminpak is on the CD in the i386 directory. Copy this to a network share and
install where necessary.
All examples from this point use Windows XP with the 2003 SP1 adminpak.
Installing the Admin Pack
1. Download the admin pack from the link above
2. Double-click the installer
3. Security Warning Dialog
4. Click RUN
5. Select the location for the temp files
6. Click Ok
7. Create folder (Only comes up if you tell it a folder that does not exist)
8. Click Yes
9. Files are extracted
10. Browse to the location you specified to extract files
Customizing the Microsoft Management Console 03-2007.doc
Page 4 of 43
Copyright © 2005 Curators of the University of Missouri
11. Double-Click the adminpak.msi file
12. Welcome Dialog – Click next
13. Read EULA – Click “I Agree” (Only if you do!)
14. Click Next
15. Click Finish
You have now installed the Windows 2003 server admin pack. You have the tools
available on your workstation to manage all of the servers!
Remember: If there are updates (such as Windows 2003 SP2) make sure to get the
newest adminpak!
Now that we have some additional tools installed lets look at server management first.
We can create custom consoles that perform specific tasks or that allow us to consolidate
servers that perform the same role. For instance, we can create a custom console that
includes all of the IIS servers so that we can easily manage multiple systems within the
one console.
Let’s create a simple console that includes multiple servers. We will manage all the DNS
servers within the network.
1. Start / Run
2. MMC
3. Click Ok
4. Click File
Customizing the Microsoft Management Console 03-2007.doc
Page 5 of 43
Copyright © 2005 Curators of the University of Missouri
5. Add/Remove Snap-in…
6. Click Add
Customizing the Microsoft Management Console 03-2007.doc
Page 6 of 43
Copyright © 2005 Curators of the University of Missouri
7. Choose the snap-in that you need (DNS)
8. ADD the number of DNS modules for the number of servers that you want to
manage
9. When you have added the snap-ins click Close
10. Add/Remove Snap-in windows will show the snap-ins that have been chosen
Customizing the Microsoft Management Console 03-2007.doc
Page 7 of 43
Copyright © 2005 Curators of the University of Missouri
11. Click Ok
12. Click on the DNS Snap-in
13. Enter the machine information
14. Click Ok
Customizing the Microsoft Management Console 03-2007.doc
Page 8 of 43
Copyright © 2005 Curators of the University of Missouri
15. Repeat for the number of DNS servers that are managed
Save the Console
16. Click File / Save as…
17. Enter the name for the Console – All DNS Consoles.msc
18. Click Save
19. Default save location is: Docs and Settings\USERNAME\Start
Menu\Administrative Tools folder
Customizing the Microsoft Management Console 03-2007.doc
Page 9 of 43
Copyright © 2005 Curators of the University of Missouri
We have now created a simple custom console to manage the DNS servers within the
domain. There is so much more that we can do beyond this simple console. We can
customize the consoles appearance and add buttons to simplify tasks as well as limiting
what specific users can do within a console.
I would like to get fancier with this next customized console. Let’s create a console that
allows specific tasks such as Adding, Deleting and managing user accounts.
We will start by opening an empty MMC as we did above.
1. Start / Run
2. MMC
3. Click Ok
4. Click File
5. Add/Remove Snap-in…
Customizing the Microsoft Management Console 03-2007.doc
Page 10 of 43
Copyright © 2005 Curators of the University of Missouri
6. Click Add
7. Choose the snap-in that you need (Active Directory Users and Computers)
8. Click Ok (after adding the Snap-in)
9. Once the Snap-in is added it should look like this:
We have the Snap-in added let’s start customizing!
10. First lets expand the console so that we can access the user accounts
11. Click the + beside the domain
12. Click On Users container
Customizing the Microsoft Management Console 03-2007.doc
Page 11 of 43
Copyright © 2005 Curators of the University of Missouri
In order to customize our view we will need to modify the taskpad view.
13. Click Action
14. Click New Taskpad View…
15. Taskpad View Wizard opens
16. Click Next
17. New Taskpad View Wizard Display
Customizing the Microsoft Management Console 03-2007.doc
Page 12 of 43
Copyright © 2005 Curators of the University of Missouri
This screen allows us to select the look of our customized console. We can choose
Horizontal, Vertical or no list at all. We can also select if we want to hide the standard
Tab. Choose the style that you would like for the descriptions and the list size.
18. Click Horizontal
19. Click Next
20. Target Taskpad
Customizing the Microsoft Management Console 03-2007.doc
Page 13 of 43
Copyright © 2005 Curators of the University of Missouri
This view allows us to choose wether we see the entire TREE or just the item we had
selected before we started.
21. Click Selected tree item
22. Click Next
23. Name and Description
Customizing the Microsoft Management Console 03-2007.doc
Page 14 of 43
Copyright © 2005 Curators of the University of Missouri
24. Enter a Name and description for the taskpad
25. Click Next
26. Completing the Taskpad Wizard
27. Click Finish
Notice the checked box for the New Task Wizard. We created a view now we need to
create the specific tasks that we need to perform.
28. New Task Wizard opens
29. Click Next
Customizing the Microsoft Management Console 03-2007.doc
Page 15 of 43
Copyright © 2005 Curators of the University of Missouri
30. We can choose the command type that we want, for this example we will use
Menu Command
31. Click Next
Shortcut Menu: Choose the command that you wish to perform, you can also choose the
source for the commands that will be chosen on either the Details pane or the Tree pane.
We will be removing the Tree pane so we will choose the details pane.
Customizing the Microsoft Management Console 03-2007.doc
Page 16 of 43
Copyright © 2005 Curators of the University of Missouri
32. Choose Reset Password
33. Click next
34. Name and Descriptions
35. Default values are entered on this screen
Customizing the Microsoft Management Console 03-2007.doc
Page 17 of 43
Copyright © 2005 Curators of the University of Missouri
36. Click Next
37. Choose an Icon for the task, or add a custom Icon
38. Click Next
We have completed the New Task, we can now choose to create additional tasks by
checking the box, run this wizard again or we can click finish and close the Wizard. We
can always choose to run the wizard again later. I am going to create a few more tasks,
Add user to group and deleting a user. The steps are the same for each task, so I will
forgo the steps. Once done we will continue with customizing the way the console looks
and acts.
Our goal is to have this console available for staff to use, but we do not want them to be
able to modify any of the settings. We want the tasks that we have allowed to be the only
tasks that can be performed within this console.
NOTE: You will only see the tasks that are created when you select an item that
can have the specific task run.
Example: If you select a group you will not see the Change Password task
since you cannot change the password for a group!
Customizing the Microsoft Management Console 03-2007.doc
Page 18 of 43
Copyright © 2005 Curators of the University of Missouri
Let’s change the console and remove the tree view, menus and anything else that would
allow a user to modify the taskpad. Our Console should now look like this:
39. Click View
40. Click Customize…
41. Uncheck ALL items on this screen
Customizing the Microsoft Management Console 03-2007.doc
Page 19 of 43
Copyright © 2005 Curators of the University of Missouri
42. Click Ok
43. Click File
44. Click Options
45. Change to User Mode – limited access, single window
46. Check Do not save changes to this console
47. Uncheck Allow the user to customize views
48. Click Ok
49. Click File / Save as…
Customizing the Microsoft Management Console 03-2007.doc
Page 20 of 43
Copyright © 2005 Curators of the University of Missouri
50. Save the console User Console.msc
51. click Save
Customizing the Microsoft Management Console 03-2007.doc
Page 21 of 43
Copyright © 2005 Curators of the University of Missouri
We have completed creating this custom console, lets open it up and see exactly what it
will look like for users. You will notice that the menus are now unavailable and the only
tasks that can be performed are the ones that we have defined.
We have now created a custom console that we could use for specific people that are
required to make changes to user accounts without them having the ability to navigate
and change other items within Active Directory Users and Computers.
We can also go much more in-depth in the abilities and tasks that can be performed.
Taking time to look through the different options to see what is available can save much
time in the future when dealing with customized consoles.
We can use the MMC console to do much more than just manage user accounts. We can
create custom taskpad views and tasks for any Snap-in that is available. We can also use
the MMC as a program launcher.
Customizing the Microsoft Management Console 03-2007.doc
Page 22 of 43
Copyright © 2005 Curators of the University of Missouri
Customizing the MMC as a custom desktop / program launcher
Creating an MMC as a custom program launcher is very simple now that we know the
basics. Let’s go through this and create a launcher that will allow specific programs to be
deployed.
1. Open a new MMC
2. Click Actions
3. New Taskpad view…
4. Wizard Opens, Click Next
5. Choose No List
6. Choose Text for style of task descriptions
7. Click Next
8. Taskpad target: Click Next
9. Name and Description
a. Customized App launcher
b. Used as a custom launcher for specific applications
10. Click Next
11. Complete Taskpad View
12. Ensure Start New Task Wizard is checked
13. Click Finish
14. New Task Wizard: Click next
15. Choose Shell Command
Customizing the Microsoft Management Console 03-2007.doc
Page 23 of 43
Copyright © 2005 Curators of the University of Missouri
Shell commands allow us to launch applications or scripts that require a shell.
16. Click Next
17. Select the application to launch
Customizing the Microsoft Management Console 03-2007.doc
Page 24 of 43
Copyright © 2005 Curators of the University of Missouri
18. Click Next
19. Choose a Task name and description
20. Click Next
21. Choose an Icon (I chose the application Icon)
22. Click Next
23. Click Finish
Customizing the Microsoft Management Console 03-2007.doc
Page 25 of 43
Copyright © 2005 Curators of the University of Missouri
You can now add as many custom Applications or scripts that you want for your desktop.
I will go through and add a couple more applications prior to continuing the
customization.
I have setup some additional applications to our launcher, it now looks like this:
This is not yet acceptable as a desktop that will only allow these specific applications.
We still need to take away options so that users cannot make changes to the console.
1. Click View
2. Click Customize…
Customizing the Microsoft Management Console 03-2007.doc
Page 26 of 43
Copyright © 2005 Curators of the University of Missouri
3. Uncheck ALL items on this screen
4. Click Ok
5. Click File
6. Click Options
7. Change to User Mode – limited access, single window
8. Check Do not save changes to this console
9. Uncheck Allow the user to customize views
Customizing the Microsoft Management Console 03-2007.doc
Page 27 of 43
Copyright © 2005 Curators of the University of Missouri
10. Click Ok
11. Click File / Save as…
12. Save the console User Desktop.msc
You have now created a customized desktop. Using Group policy you can deploy this to
launch when a user logs into a system. In a previous session I created a Total User
lockdown policy that uses a customized desktop in order to prevent users from
performing tasks that are not allowed.
Customizing the Microsoft Management Console 03-2007.doc
Page 28 of 43
Copyright © 2005 Curators of the University of Missouri
Here is what our finalized MMC looks like:
Using a combination of custom MMCs and Group policy we can have the ability to lock
down a user’s ability to do anything on the system other than what we have allowed.
Customizing the Microsoft Management Console 03-2007.doc
Page 30 of 43
Copyright © 2005 Curators of the University of Missouri
Appendix A
The Policy below was created to give you an idea of the settings that you can use to
completely lockdown a user; preventing the user from accessing specific system utilities
or configurations.
Total User Lockdown
Data collected on: 3/16/2006
8:08:41 AM
hide all
General
hide
Detailshide
Domain
testDC.more.net
Owner
TESTDC\Domain Admins
Created
3/7/2006 8:25:32 AM
Modified
3/16/2006 8:07:58 AM
User Revisions
175 (AD), 175 (sysvol)
Computer Revisions
0 (AD), 0 (sysvol)
Unique ID
{1F9C4F89-AD0F-4016-8F82-F2749D4D5C0C}
GPO Status
Computer settings disabled
Linkshide
Location
Enforced
Link Status
Path
Test
No
Enabled
testDC.more.net/Test
This list only includes links in the domain of the GPO.
Security Filteringhide
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filteringhide
WMI Filter Name
None
Description
Not applicable
Delegationhide
These groups and users have the specified permission for this GPO
Name
Allowed Permissions
Inherited
NT AUTHORITY\Authenticated Users
Read (from Security Filtering)
No
NT AUTHORITY\ENTERPRISE
DOMAIN CONTROLLERS
Read
No
NT AUTHORITY\SYSTEM
Edit settings, delete, modify security
No
TESTDC\Domain Admins
Edit settings, delete, modify security
No
TESTDC\Enterprise Admins
Edit settings, delete, modify security
No
Computer Configuration (Disabled)
hide
No settings defined.
User Configuration (Enabled)
hide
Customizing the Microsoft Management Console 03-2007.doc
Page 34 of 43
Copyright © 2005 Curators of the University of Missouri
Remove Set Program Access and Defaults from Start menu Enabled
Remove user name from Start Menu
Enabled
Remove user's folders from the Start Menu
Enabled
Turn off notification area cleanup
Enabled
Turn off personalized menus
Enabled
Systemhide
Policy
Setting
Don't display the Getting Started welcome screen at logon
Enabled
Don't run specified Windows applications
Enabled
List of disallowed applications
sol.exe
Policy
Setting
Prevent access to registry editing tools
Enabled
Disable regedit from running silently?
Yes
Policy
Setting
Prevent access to the command prompt
Enabled
Disable the command prompt script processing also?
Yes
Policy
Setting
Turn off Autoplay
Enabled
Turn off Autoplay on:
All drives
Policy
Setting
Turn off Windows Update device driver search prompt
Enabled
System/Ctrl+Alt+Del Optionshide
Policy
Setting
Remove Task Manager
Enabled
System/Group Policyhide
Policy
Setting
Group Policy refresh interval for users
Enabled
This setting allows you to customize how often Group Policy is applied
to users. The range is 0 to 64800 minutes (45 days).
Customizing the Microsoft Management Console 03-2007.doc
Page 35 of 43
Copyright © 2005 Curators of the University of Missouri
Minutes:
15
This is a random time added to the refresh interval to prevent
all clients from requesting Group Policy at the same time.
The range is 0 to 1440 minutes (24 hours)
Minutes:
30
Policy
Setting
Group Policy slow link detection
Enabled
Connection speed (Kbps):
50
Enter 0 to disable slow link detection.
System/Internet Communication Managementhide
Policy
Setting
Restrict Internet communication
Enabled
System/Internet Communication Management/Internet Communication settingshide
Policy
Setting
Turn off downloading of print drivers over HTTP
Enabled
Turn off Internet download for Web publishing and online
ordering wizards
Enabled
Turn off Internet File Association service
Enabled
Turn off printing over HTTP
Enabled
Turn off the "Order Prints" picture task
Enabled
Turn off the "Publish to Web" task for files and folders
Enabled
Turn off the Windows Messenger Customer Experience
Improvement Program
Enabled
Turn off Windows Movie Maker automatic codec downloads Enabled
Turn off Windows Movie Maker online Web links
Enabled
Turn off Windows Movie Maker saving to online video
hosting provider
Enabled
System/Logonhide
Policy
Setting
Customizing the Microsoft Management Console 03-2007.doc
Page 37 of 43
Copyright © 2005 Curators of the University of Missouri
FrontPage Server Extensions
Enabled
Internet Authentication Service (IAS)
Enabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins/Group Policyhide
Policy
Setting
Group Policy Management
Disabled
Group Policy Object Editor
Disabled
Group Policy tab for Active Directory Tools
Disabled
Windows Components/Task Schedulerhide
Policy
Setting
Hide Property Pages
Enabled
Windows Components/Terminal Services/Clienthide
Policy
Setting
Do not allow passwords to be saved
Enabled
Windows Components/Windows Explorerhide
Policy
Setting
Allow only per user or approved shell extensions
Enabled
Do not request alternate credentials
Enabled
Hide these specified drives in My Computer
Enabled
Pick one of the following combinations
Restrict A, B, C and D drives only
Policy
Setting
No "Computers Near Me" in My Network Places
Enabled
No "Entire Network" in My Network Places
Enabled
Prevent access to drives from My Computer
Enabled
Pick one of the following combinations
Restrict A, B, C and D drives only
Policy
Setting
Remove "Map Network Drive" and "Disconnect Network
Drive"
Enabled
Remove CD Burning features
Enabled
Remove Hardware tab
Enabled
Remove Search button from Windows Explorer
Enabled
Remove Security tab
Enabled
Remove Shared Documents from My Computer
Enabled
Remove Windows Explorer's default context menu
Enabled
Customizing the Microsoft Management Console 03-2007.doc
Page 38 of 43
Copyright © 2005 Curators of the University of Missouri
Removes the Folder Options menu item from the Tools
menu
Enabled
Request credentials for network installations
Enabled
Turn off caching of thumbnail pictures
Enabled
Turn off Windows+X hotkeys
Enabled
Windows Components/Windows Explorer/Common Open File Dialoghide
Policy
Setting
Hide the common dialog back button
Enabled
Hide the common dialog places bar
Enabled
Hide the dropdown list of recent files
Enabled
Windows Components/Windows Installerhide
Policy
Setting
Always install with elevated privileges
Disabled
Windows Components/Windows Media Playerhide
Policy
Setting
Prevent CD and DVD Media Information Retrieval
Enabled
Prevent Music File Media Information Retrieval
Enabled
Prevent Radio Station Preset Retrieval
Enabled
Windows Components/Windows Media Player/Networkinghide
Policy
Setting
Hide Network Tab
Enabled
Windows Components/Windows Media Player/Playbackhide
Policy
Setting
Prevent Codec Download
Enabled
Windows Components/Windows Media Player/User Interfacehide
Policy
Setting
Do Not Show Anchor
Enabled
Hide Privacy Tab
Enabled
Hide Security Tab
Enabled
Windows Components/Windows Messengerhide
Policy
Setting
Do not allow Windows Messenger to be run
Enabled
Do not automatically start Windows Messenger initially
Enabled
Windows Components/Windows Movie Makerhide
Policy
Setting
Do not allow Windows Movie Maker to run
Enabled
Windows Components/Windows Updatehide
Customizing the Microsoft Management Console 03-2007.doc
Page 40 of 43
Copyright © 2005 Curators of the University of Missouri
Total Computer Lockdown
Data collected on: 3/8/2006
1:57:32 PM
General
Details
Domain
testDC.more.net
Owner
TESTDC\Domain Admins
Created
3/8/2006 10:59:30 AM
Modified
3/8/2006 11:33:48 AM
User Revisions
0 (AD), 0 (sysvol)
Computer Revisions
27 (AD), 27 (sysvol)
Unique ID
{083CEB2E-38B8-4FFA-A313-B49926B49911}
GPO Status
User settings disabled
Links
Location
Enforced
Link Status
Path
Test CP
No
Enabled
testDC.more.net/Test
CP
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name
None
Description
Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name
Allowed Permissions
Inherited
NT AUTHORITY\Authenticated Users
Read (from Security Filtering)
No
NT AUTHORITY\ENTERPRISE
DOMAIN CONTROLLERS
Read
No
NT AUTHORITY\SYSTEM
Edit settings, delete, modify security
No
TESTDC\Domain Admins
Edit settings, delete, modify security
No
TESTDC\Enterprise Admins
Edit settings, delete, modify security
No
Computer Configuration (Enabled)
Windows Settings
Security Settings
Public Key Policies/Autoenrollment Settings
Policy
Setting
Customizing the Microsoft Management Console 03-2007.doc
Page 41 of 43
Copyright © 2005 Curators of the University of Missouri
Enroll certificates automatically
Enabled
Renew expired certificates, update pending certificates,
and remove revoked certificates
Disabled
Update certificates that use certificate templates
Disabled
Public Key Policies/Encrypting File System
Properties
Policy
Setting
Allow users to encrypt files using Encrypting File System
(EFS)
Enabled
Public Key Policies/Trusted Root Certification Authorities
Properties
Policy
Setting
Allow users to select new root certification authorities
(CAs) to trust
Enabled
Client computers can trust the following certificate stores
Third-Party Root Certification Authorities and Enterprise
Root Certification Authorities
To perform certificate-based authentication of users and
computers, CAs must meet the following criteria
Registered in Active Directory only
Administrative Templates
Network/Microsoft Peer-to-Peer Networking Services
Policy
Setting
Turn off Microsoft Peer-to-Peer Networking Services
Enabled
System/Group Policy
Policy
Setting
Group Policy refresh interval for computers
Enabled
This setting allows you to customize how often Group Policy is applied
to computers. The range is 0 to 64800 minutes (45 days).
Minutes:
15
This is a random time added to the refresh interval to prevent
all clients from requesting Group Policy at the same time.
The range is 0 to 1440 minutes (24 hours)
Customizing the Microsoft Management Console 03-2007.doc
Page 42 of 43
Copyright © 2005 Curators of the University of Missouri
Minutes:
30
Windows Components/Application Compatibility
Policy
Setting
Prevent access to 16-bit applications
Enabled
Windows Components/Internet Explorer
Policy
Setting
Disable Automatic Install of Internet Explorer components
Enabled
Disable Periodic Check for Internet Explorer software
updates
Enabled
Do not allow users to enable or disable add-ons
Enabled
Security Zones: Do not allow users to add/delete sites
Enabled
Security Zones: Do not allow users to change policies
Enabled
Turn off Crash Detection
Enabled
Windows Components/Internet Explorer/Internet Control Panel
Policy
Setting
Disable the Advanced page
Enabled
Disable the Connections page
Enabled
Disable the Content page
Enabled
Disable the Programs page
Enabled
Windows Components/Internet Information Services
Policy
Setting
Prevent IIS installation
Enabled
Windows Components/NetMeeting
Policy
Setting
Disable remote Desktop Sharing
Enabled
Windows Components/Security Center
Policy
Setting
Turn on Security Center (Domain PCs only)
Enabled
Windows Components/Windows Installer
Policy
Setting
Prohibit non-administrators from applying vendor signed
updates
Enabled
Prohibit removal of updates
Enabled
Prohibit User Installs
Enabled
User Install Behavior:
Hide User Installs
Windows Components/Windows Media Player
Customizing the Microsoft Management Console 03-2007.doc
Page 43 of 43
Copyright © 2005 Curators of the University of Missouri
Policy
Setting
Do Not Show First Use Dialog Boxes
Enabled
Prevent Automatic Updates
Enabled
Prevent Desktop Shortcut Creation
Enabled
Prevent Quick Launch Toolbar Shortcut Creation
Enabled
Windows Components/Windows Messenger
Policy
Setting
Do not allow Windows Messenger to be run
Enabled
Do not automatically start Windows Messenger initially
Enabled
User Configuration (Disabled)
No settings defined.
