
Node Policy Path Full Policy Name Supported on Help/Explain Text configuration.

COMPUTER Administrative Templates\System\Net Logon\DC Locator DNS Records

Priority Set in the DC Locator DNS SRV Records At least Microsoft Windows XP Professional or Windows Server 2003 family

Specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. The Priority field in the SRV record sets the preference for target hosts (specified in the SRV record's Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed. To specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is 0 to 65535. If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.

COMPUTER Administrative Templates\System\Net Logon\DC Locator DNS Records

Weight Set in the DC Locator DNS SRV Records At least Microsoft Windows XP Professional or Windows Server 2003 family

Specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV record's Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record. To specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is 0 to 65535. If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.

COMPUTER Administrative Templates\System\Net Logon\DC Locator DNS Records

Sites Covered by the Application Directory Partition Locator DNS SRV Records At least Microsoft Windows XP Professional or Windows Server 2003 family

Specifies the sites for which the domain controllers (DC) housing application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The application directory partition locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then enter the site names in a space-delimited format. If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.

Active Directory Training Seminar: Group Policy Administrator Reference

COMPUTER Administrative Templates\System\Net Logon\DC Locator DNS Records

Sites Covered by the DC Locator DNS SRV Records At least Microsoft Windows XP Professional or Windows Server 2003 family

Specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the site names in a space-delimited format. If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.

COMPUTER Administrative Templates\System\Net Logon\DC Locator DNS Records

Dynamic Registration of the DC Locator DNS Records At least Microsoft Windows XP Professional or Windows Server 2003 family

Determines if Dynamic Registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. If you enable this setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections. If you disable this setting, DCs will not register DC Locator DNS resource records. If this setting is not configured, it is not applied to any DCs, and DCs use their local configuration.

COMPUTER Administrative Templates\System\Remote Assistance

Solicited Remote Assistance At least Microsoft Windows XP Professional or Windows Server 2003 family

Specifies whether users can solicit another user's assistance via Remote Assistance. If the status is set to Enabled, a user can create a Remote Assistance invitation that a person ("expert") can use at another computer to connect to the user's computer. If given permission, the expert can view the user's screen, mouse, and keyboard activity in real time. The Permit remote control of this computer setting specifies whether a user on a different computer can control this computer. If a user invites an expert to connect to the computer, and gives permission, the expert can take control of this computer. The expert can only make requests to take control during a Remote Assistance session. The user can stop remote control at any time. The Maximum ticket time setting sets a limit on the amount of time that a Remote Assistance invitation can remain open. The Select the method for sending e-mail invitations setting specifies which e-mail standard to use to send Remote Assistance invitations. Depending on your e-mail program, you can use either the Mailto (the invitation recipient connects through an Internet link) or SMAPI (Simple MAPI) standard (the invitation is attached to your e-mail message). Note: The e-mail program must support the selected e-mail standard. If the status is set to Disabled, users cannot request Remote Assistance and this computer cannot be controlled from another computer. Note: An expert can connect to this computer only with the explicit permission of the user. If Remote Assistance is disabled in this setting or set to "Not Configured" and disabled in Control Panel, the "Offer Remote Assistance" setting will also be disabled. If the status is set to Not Configured, users can enable or disable and configure Remote Assistance themselves in System properties in Control Panel. If the status is set to Not Configured, the default maximum time a Remote Assistance invitation can stay open is determined by the Control Panel setting.

COMPUTER Administrative Templates\System\Remote Assistance

Offer Remote Assistance At least Microsoft Windows XP Professional or Windows Server 2003 family

Use this setting to determine whether or not a support person or IT admin (who is termed the expert) can offer remote assistance to this computer without a user explicitly requesting it first via a channel, e-mail, or instant messenger. Using this setting, an expert can offer remote assistance to this computer. Note: The expert cannot connect to the computer unannounced or control it without permission from the user. When the expert tries to connect, the user is still given a chance to accept or deny the connection (giving the expert view-only privileges to the user's desktop), and thereafter the user has to explicitly click a button to give the expert the ability to remotely control the desktop, if remote control is enabled. If you enable this setting, you can offer remote assistance. When you configure this setting, you can make two choices: you can select either Allow helpers to only view the computer or Allow helpers to remotely control the computer. In addition to making this selection, when you configure this setting you also specify the list of users or user groups that will be allowed to offer remote assistance. These are known as helpers. To configure the list of helpers, click Show. This opens a new window where you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format: <Domain Name>\<User Name> or <Domain Name>\<Group Name>. If you disable or do not configure this policy setting, users or groups cannot offer unsolicited remote assistance to this computer.


COMPUTER Administrative Templates\System\Remote Procedure Call

RPC Endpoint Mapper Client Authentication At least Microsoft Windows XP Professional with SP2

Enabling this setting directs RPC Clients that need to communicate with the Endpoint Mapper Service to authenticate as long as the RPC call for which the endpoint needs to be resolved has authentication information. Disabling this setting will cause RPC Clients that need to communicate with the Endpoint Mapper Service to not authenticate. The Endpoint Mapper Service on machines running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. This means that enabling this setting on a client machine will prevent that client from communicating with a Windows NT4 server using RPC if endpoint resolution is needed. By default, RPC Clients will not use authentication to communicate with the RPC Server Endpoint Mapper Service when asking for the endpoint of a server.

COMPUTER Administrative Templates\System\Remote Procedure Call

Propagation of extended error information At least Microsoft Windows XP Professional or Windows Server 2003 family

Directs the RPC Runtime to generate extended error information when an error occurs. Extended error information includes the local time that the error occurred, the RPC version, and the name of the computer on which the error occurred or was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs). If you disable this setting or do not configure it, the RPC Runtime only generates a status code to indicate an error condition. To use this setting, enable the setting, and then select an error response type in the drop-down box.
-- Off disables all extended error information for all processes. RPC only generates an error code.
-- On with Exceptions enables extended error information but lets you disable it for selected processes. To disable extended error information for a process while this setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
-- Off with Exceptions disables extended error information but lets you enable it for selected processes. To enable extended error information for a process while this setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
-- On enables extended error information for all processes.
Note: For information about the Extended Error Information Exception field, see the Windows 2000 Platform Software Development Kit (SDK).
Note: Extended error information is formatted to be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can read and respond to the information.
Note: The default setting, Off, is designed for systems where extended error information is considered to be sensitive, and it should not be made
