| Access Credential Manager as a trusted caller | ACCESS CONTROL |
| Access data sources across domains - Internet Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access data sources across domains - Restricted Sites Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access this computer from the network | ACCESS CONTROL |
| Account lockout duration | ACCESS CONTROL |
| Accounts: Limit local account use of blank passwords to console logon only | IDENTIFICATION AND AUTHENTICATION |
| Act as part of the operating system | ACCESS CONTROL |
| Allow active scripting | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow Basic authentication - Client - AllowBasic | ACCESS CONTROL |
| Allow Basic authentication - Service - AllowBasic | ACCESS CONTROL |
| Allow binary and script behaviors | CONFIGURATION MANAGEMENT |
| Allow Custom SSPs and APs to be loaded into LSASS | IDENTIFICATION AND AUTHENTICATION |
| Allow cut copy or paste operations from the clipboard via script - Internet Zone | CONFIGURATION MANAGEMENT |
| Allow cut copy or paste operations from the clipboard via script - Restricted Sites Zone | CONFIGURATION MANAGEMENT |
| Allow drag and drop or copy and paste files - Internet Zone | CONFIGURATION MANAGEMENT |
| Allow drag and drop or copy and paste files - Restricted Sites Zone | CONFIGURATION MANAGEMENT |
| Allow enhanced PINs for startup | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow fallback to SSL 3.0 (Internet Explorer) | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow file downloads | CONFIGURATION MANAGEMENT |
| Allow indexing of encrypted files | CONFIGURATION MANAGEMENT |
| Allow loading of XAML files - Internet Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow loading of XAML files - Restricted Sites Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow log on locally | ACCESS CONTROL |
| Allow META REFRESH | CONFIGURATION MANAGEMENT |
| Allow Microsoft accounts to be optional | IDENTIFICATION AND AUTHENTICATION |
| Allow only approved domains to use ActiveX controls without prompt - Internet Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow only approved domains to use ActiveX controls without prompt - Restricted Sites Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | CONFIGURATION MANAGEMENT |
| Allow scripting of Internet Explorer WebBrowser controls - Internet Zone | CONFIGURATION MANAGEMENT |
| Allow scripting of Internet Explorer WebBrowser controls - Restricted Sites Zone | CONFIGURATION MANAGEMENT |
| Allow scriptlets - Internet Zone | CONFIGURATION MANAGEMENT |
| Allow scriptlets - Restricted Sites Zone | CONFIGURATION MANAGEMENT |
| Allow software to run or install even if the signature is invalid | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow standby states (S1-S3) when sleeping (on battery) | CONFIGURATION MANAGEMENT |
| Allow standby states (S1-S3) when sleeping (plugged in) | CONFIGURATION MANAGEMENT |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | ACCESS CONTROL |
| Allow unencrypted traffic - Service - AllowUnencryptedTraffic | ACCESS CONTROL |
| Allow updates to status bar via script - Internet Zone | CONFIGURATION MANAGEMENT |
| Allow updates to status bar via script - Restricted Sites Zone | CONFIGURATION MANAGEMENT |
| Allow user control over installs | ACCESS CONTROL |
| Allow VBScript to run in Internet Explorer - Internet Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow VBScript to run in Internet Explorer - Restricted Sites Zone | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow Windows Ink Workspace | CONFIGURATION MANAGEMENT |
| Allow Windows to automatically connect to suggested open hotspots to networks shared by contacts and to hotspots offering paid services | ACCESS CONTROL |
| Always install with elevated privileges | ACCESS CONTROL |
| Always prompt for password upon connection | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Apply local connection security rules | SYSTEM AND COMMUNICATIONS PROTECTION |
