|
Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 System : Windows NT SERVER-PC 10.0 build 26200 (Windows 11) AMD64 User : ServerPC ( 0) PHP Version : 8.2.12 Disable Function : NONE Directory : C:/Windows/PolicyDefinitions/en-US/ |
Upload File : |
<?xml version="1.0" encoding="utf-8"?>
<!-- (c) 2006 Microsoft Corporation -->
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
<displayName>enter display name here</displayName>
<description>enter description here</description>
<resources>
<stringTable>
<string id="Filesystem">Filesystem</string>
<string id="NTFS">NTFS</string>
<string id="SymlinkEvalExplain">Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
Local Link to a Local Target
Local Link to a Remote Target
Remote Link to Remote Target
Remote Link to Local Target
For further information please refer to the Windows Help section
NOTE: If this policy is Disabled or Not Configured, local administrators may select the types of symbolic links to be evaluated.</string>
<string id="SymlinkEvaluation">Selectively allow the evaluation of a symbolic link</string>
<string id="DisableCompression">Do not allow compression on all NTFS volumes</string>
<string id="DisableCompressionText">Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
A reboot is required for this setting to take effect</string>
<string id="DisableEncryption">Do not allow encryption on all NTFS volumes</string>
<string id="DisableEncryptionText">Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
A reboot is required for this setting to take effect</string>
<string id="EnablePagefileEncryption">Enable NTFS pagefile encryption</string>
<string id="EnablePagefileEncryptionText">Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.</string>
<string id="LongPathsEnabled">Enable Win32 long paths</string>
<string id="LongPathsEnabledText">Enabling Win32 long paths will allow manifested win32 applications and packaged Microsoft Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process.</string>
<string id="ShortNameCreationSettings">Short name creation options</string>
<string id="ShortNameCreationSettingsText">These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.</string>
<string id="ShortNameCreationSetting_0">Enable on all volumes</string>
<string id="ShortNameCreationSetting_1">Disable on all volumes</string>
<string id="ShortNameCreationSetting_2">Enable / disable on a per volume basis</string>
<string id="ShortNameCreationSetting_3">Disable on all data volumes</string>
<string id="DisableDeleteNotification">Disable delete notifications on all volumes</string>
<string id="DisableDeleteNotificationText">Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
A value of 0, the default, will enable delete notifications for all volumes.
A value of 1 will disable delete notifications for all volumes.</string>
<string id="TxfDeprecatedFunctionality">Enable / disable TXF deprecated features</string>
<string id="TxfDeprecatedFunctionalityText">TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Please enable it if you want to use these APIs.</string>
<string id="NtfsForceNonPagedPoolAllocation">Enable NTFS non-paged pool usage</string>
<string id="NtfsForceNonPagedPoolAllocationExplain">By default NTFS allocates memory from both pageable and non-pageable memory as needed. Enabling this setting tells NTFS to use non-pageable memory for all allocations. NTFS also changes all of its code sections to be non-pageable.
The benefit of enabling this feature is a reduction in page-faults and stack usage at the cost of additional memory consumption.
A reboot is required for this setting to take effect</string>
<string id="NtfsParallelFlushThreshold">NTFS parallel flush threshold</string>
<string id="NtfsParallelFlushThresholdExplain">When flushing modified file data from memory, NTFS chooses to use one or more threads based on how many files are currently open. This setting gives control over the open file threshold used to trigger parallel flush.</string>
<string id="NtfsParallelFlushWorkers">NTFS parallel flush worker threads</string>
<string id="NtfsParallelFlushWorkersExplain">When flushing modified file data from memory, NTFS chooses to use one or more threads based on how many files are currently open. This setting gives control over how many threads will be used.
Making this value larger may decrease the time it takes to flush a volume but the flush may have a larger impact on other concurrent IO operations.
Values with special meaning:
0: Use the system calculated default
1: Disable parallel flush
The default value and limit for this setting varies based on the number of available processors on a given system:
- Default value calculation is: (([NumProcessors]/2) + 1)
- Default max value calculation is: ([NumProcessors]*2)</string>
<string id="NtfsDefaultTier">NTFS default tier</string>
<string id="NtfsDefaultTierExplain">For NTFS tiered volumes this controls the tier that new allocations go to by default.
Client systems default to the Performance tier.
Server systems default to the Capacity tier.</string>
<string id="DefaultTierSetting_1">Capacity tier</string>
<string id="DefaultTierSetting_2">Performance tier</string>
<string id="ClfsAuthenticationChecking">Enable / disable CLFS logfile authentication</string>
<string id="ClfsAuthenticationCheckingExplain">This policy setting configures CLFS logfile authentication, a security feature which aims to harden logfile parsing.
Logfile authentication provides the ability for the CLFS driver to detect malicious modications made to logfiles. If modifications are detected, CLFS will deem the logfile as unsafe for parsing and return an error to the caller. CLFS is able to detect modifications by writing authentication codes to logfiles, which combines file data with a system-unique cryptographic key.
A side effect of logfile authentication is that CLFS will fail to open logfiles that were created on other systems, as these logfiles contain authentication codes created using a system-unique cryptographic key. To open a logfile that was created on another system, an administrator must first use the "fsutil.exe clfs authenticate" command to correct the authentication codes.
If you enable or do not configure this setting, CLFS will refer to local registry settings on whether logfile authentication should be done or not. By default, CLFS will do logfile authentication. The local registry settings for this feature can be found at "HKLM:\SYSTEM\CurrentControlSet\Services\CLFS\Authentication".
If you disable his setting, CLFS will no longer perform logfile authentication. Logfiles will be able to be moved and opened across systems without Administrative action. However, CLFS will open and parse all logfiles, including maliciously crafted logfiles that may compromise the system.</string>
</stringTable>
<presentationTable>
<presentation id="SymlinkEvaluation">
<checkBox refId="SymLinkClassL2L">Local Link to Local Target</checkBox>
<checkBox refId="SymLinkClassL2R">Local Link to a Remote Target</checkBox>
<checkBox refId="SymLinkClassR2R">Remote Link to Remote Target</checkBox>
<checkBox refId="SymLinkClassR2L">Remote Link to Local Target</checkBox>
</presentation>
<presentation id="CompressionOptions"/>
<presentation id="EncryptionOptions"/>
<presentation id="LongPathsEnabledOptions"/>
<presentation id="PagefileEncryptionOptions"/>
<presentation id="ShortNameCreationSettings">
<dropdownList refId="ShortNameCreationSetting_Levels" noSort="true" defaultItem="2">Short name creation options</dropdownList>
</presentation>
<presentation id="DeleteNotificationOptions"/>
<presentation id="TxfDeprecatedFunctionalityOptions"/>
<presentation id="NtfsForceNonPagedPoolAllocationOptions"/>
<presentation id="NtfsParallelFlushThresholdOptions">
<decimalTextBox refId="NtfsParallelFlushThresholdID" defaultValue="1000">Open File Threshold:</decimalTextBox>
</presentation>
<presentation id="NtfsParallelFlushWorkersOptions">
<decimalTextBox refId="NtfsParallelFlushWorkersID" defaultValue="5">Open File Threshold:</decimalTextBox>
</presentation>
<presentation id="NtfsDefaultTierOptions">
<dropdownList refId="NtfsDefaultTier_Levels" noSort="true" defaultItem="1">NTFS default tier options</dropdownList>
</presentation>
<presentation id="ClfsAuthenticationCheckingOptions"/>
</presentationTable>
</resources>
</policyDefinitionResources>