MicrosoftMikeGl1963 - then I think we're all agreeing, except that it seems as though you're trying to make it seem like a disagreement. And I'm not sure why. You seem to agree that all of the explicitly recommended baseline settings make sense and that you should apply them in your organization. None of the baselines recommend that everything else must be left at "Not Configured." Rick (and I) agree that if your organization has good reasons not to want a user's settings to be migrated to other machines the user logs on to with the same credentials, then you should also configure the setting to disallow that as well. Just make sure that you fully understand what any additional settings do. The baseline documentation does not list all the potential side effects of all the settings that it makes no recommendations about. (Hence Rick's reference to the "Sticking with Well-Known and Proven Solutions" piece.)
