Information
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet.
The recommended state for this setting is: Enabled.
Note: This will not prevent the installation of basic hardware drivers, but does prevent associated third-party utility software from automatically being installed under the context of the SYSTEM account.
Rationale:
Installation of software should be conducted by an authorized system administrator and not a standard user. Allowing automatic third-party software installations under the context of the SYSTEM account has potential for allowing unauthorized access via backdoors or installation software bugs.
Impact:
Standard users without administrator privileges will not be able to install associated third-party utility software for peripheral devices. This may limit the use of advanced features of those devices unless/until an administrator installs the associated utility software for the device.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\System\Device Installation\Prevent device metadata retrieval from the Internet
Note: This Group Policy path is provided by the Group Policy template DeviceInstallation.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates, or with the Group Policy template DeviceSetup.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).
Default Value:
Disabled. (The setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.)