Information
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet.
The recommended state for this setting is: Enabled
Note: This will not prevent the installation of basic hardware drivers, but does prevent associated third-party utility software from automatically being installed under the context of the SYSTEM account.
Installation of software should be conducted by an authorized system administrator and not a standard user. Allowing automatic third-party software installations under the context of the SYSTEM account has potential for allowing unauthorized access via backdoors or installation software bugs.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled
Administrative Templates\System\Device Installation\Prevent device metadata retrieval from the Internet
Impact:
Standard users without administrator privileges will not be able to install associated third-party utility software for peripheral devices. This may limit the use of advanced features of those devices unless/until an administrator installs the associated utility software for the device.