????

Your IP : 216.73.216.136


Current Path : C:/Windows/PolicyDefinitions/en-US/
Upload File :
Current File : C:/Windows/PolicyDefinitions/en-US/WinLogon.adml

<?xml version="1.0" encoding="utf-8"?>
<!--  (c) 2006 Microsoft Corporation  -->
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <displayName>enter display name here</displayName>
  <description>enter description here</description>
  <resources>
    <stringTable>
      <string id="DisplayLastLogonInfoDescription">Display information about previous logons during user logon</string>
      <string id="DisplayLastLogonInfoDescription_Help">This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.

For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level, if you enable this setting, a message appears after the user logs on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop.

For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level.

If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed.</string>
      <string id="Logon">Windows Logon Options</string>
      <string id="LogonHoursAction_Disconnect">Disconnect</string>
      <string id="LogonHoursAction_Lock">Lock</string>
      <string id="LogonHoursAction_Logoff">Logoff</string>
      <string id="LogonHoursNotificationPolicyDescription">Remove logon hours expiration warnings</string>
      <string id="LogonHoursNotificationPolicyDescription_Help">This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire.

If you enable this setting, warnings are not displayed to the user before the logon hours expire.

If you disable or do not configure this setting, users receive warnings before the logon hours expire, if actions have been set to occur when the logon hours expire.

Note: If you configure this setting, you might want to examine and appropriately configure the “Set action to take when logon hours expire” setting. If “Set action to take when logon hours expire” is disabled or not configured, the “Remove logon hours expiration warnings” setting will have no effect, and users receive no warnings about logon hour expiration</string>
      <string id="LogonHoursPolicyDescription">Set action to take when logon hours expire</string>
      <string id="LogonHoursPolicyDescription_Help">This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely.

If you choose to lock or disconnect a session, the user cannot unlock the session or reconnect except during permitted logon hours.

If you choose to log off a user, the user cannot log on again except during permitted logon hours. If you choose to log off a user, the user might lose unsaved data.

If you enable this setting, the system will perform the action you specify when the user’s logon hours expire.

If you disable or do not configure this setting, the system takes no action when the user’s logon hours expire. The user can continue the existing session, but cannot log on to a new session.

Note: If you configure this setting, you might want to examine and appropriately configure the “Remove logon hours expiration warnings” setting</string>
      <string id="ReportCachedLogonPolicyDescription">Report when logon server was not available during user logon</string>
      <string id="ReportCachedLogonPolicyDescription_Help">This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.

If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.

If disabled or not configured, no popup will be displayed to the user.</string>

      <string id="SoftwareSASGenerationDescription">Disable or enable software Secure Attention Sequence</string>
      <string id="SoftwareSASGenerationDescription_Help">This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).

If you enable this policy setting, you have one of four options:

If you set this policy setting to "None," user mode software cannot simulate the SAS.
If you set this policy setting to "Services," services can simulate the SAS.
If you set this policy setting to "Ease of Access applications," Ease of Access applications can simulate the SAS.
If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applications can simulate the SAS.

If you disable or do not configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS.</string>

      <string id="SoftwareSASGeneration_None">None</string>
      <string id="SoftwareSASGeneration_SYSTEM">Services</string>
      <string id="SoftwareSASGeneration_UIAccess">Ease of Access applications</string>
      <string id="SoftwareSASGeneration_Both">Services and Ease of Access applications</string>

      <string id="CustomShellPolicyDescription">Custom User Interface</string>
      <string id="CustomShellPolicyDescription_Help">Specifies an alternate user interface.

The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, but you can use this setting to specify an alternate interface. If you enable this setting, the system starts the interface you specify instead of Explorer.exe.

To use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.

If you disable this setting or do not configure it, the setting is ignored and the system displays the Explorer interface.

Tip: To find the folders indicated by the Path environment variable, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables box, click Path.</string>

      <string id="AutomaticRestartSignOnDescription">Sign-in and lock last interactive user automatically after a restart</string>
      <string id="AutomaticRestartSignOnDescription_Help">This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.

This only occurs if the last interactive user didn’t sign out before the restart or shutdown.​

If the device is joined to Active Directory or Azure Active Directory, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.​

If you don’t configure this policy setting, it is enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.​

After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot​.

If you disable this policy setting, the device does not configure automatic sign in. The user’s lock screen apps are not restarted after the system restarts.</string>

      <string id="ConfigAutomaticRestartSignOnDescription">Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot</string>
      <string id="ConfigAutomaticRestartSignOnDescription_Help">This policy setting controls the configuration under which an automatic restart and sign on and lock occurs after a restart or cold boot. If you chose “Disabled” in the “Sign-in and lock last interactive user automatically after a restart” policy, then automatic sign on will not occur and this policy does not need to be configured.

If you enable this policy setting, you can choose one of the following two options:

1. “Enabled if BitLocker is on and not suspended” specifies that automatic sign on and lock will only occur if BitLocker is active and not suspended during the reboot or shutdown. Personal data can be accessed on the device’s hard drive at this time if BitLocker is not on or suspended during an update. BitLocker suspension temporarily removes protection for system components and data but may be needed in certain circumstances to successfully update boot-critical components.
     BitLocker is suspended during updates if:
        - The device doesn’t have TPM 2.0 and PCR7, or
        - The device doesn’t use a TPM-only protector
2. “Always Enabled” specifies that automatic sign on will happen even if BitLocker is off or suspended during reboot or shutdown. When BitLocker is not enabled, personal data is accessible on the hard drive. Automatic restart and sign on should only be run under this condition if you are confident that the configured device is in a secure physical location.

If you disable or don’t configure this setting, automatic sign on will default to the “Enabled if BitLocker is on and not suspended” behavior.</string>

      <string id="ConfigAutomaticRestartSignOn_EnableIfSecure">Enabled if BitLocker is on and not suspended</string>
      <string id="ConfigAutomaticRestartSignOn_EnableAlways">Always Enabled</string>

    </stringTable>
    <presentationTable>
      <presentation id="LogonHoursPolicyDescription">
        <dropdownList refId="LogonHoursPolicyDescription" noSort="true">Set action to take when logon hours expire</dropdownList>
      </presentation>
      <presentation id="SoftwareSASGenerationDescription">
        <dropdownList refId="SoftwareSASGenerationDescription" noSort="true">Set which software is allowed to generate the Secure Attention Sequence</dropdownList>
      </presentation>
      <presentation id="ConfigAutomaticRestartSignOnDescription">
        <dropdownList refId="ConfigAutomaticRestartSignOnDescription" noSort="true">Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot</dropdownList>
      </presentation>
      <presentation id="CustomShell">
        <textBox refId="CustomShellInst">
          <label>Interface file name (for example, Explorer.exe)</label>
        </textBox>
      </presentation>
    </presentationTable>
  </resources>
</policyDefinitionResources>