deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into Lovina-Saldanha-4528258

Browse Source
This commit is contained in:
Daniel Simpson 2020-10-26 16:29:33 -07:00 committed by GitHub
commit 003e775017
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
580 changed files with 27738 additions and 7960 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
.openpublishing.redirection.json
View File

@ -79,6 +79,11 @@
"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
"redirect_document_id": true
},
{
"source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
@ -14565,41 +14570,86 @@
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-admx-backed.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",

8
education/developers.yml
View File

@ -18,16 +18,16 @@ additionalContent:
# Card
- title: UWP apps for education
summary: Learn how to write universal apps for education.
url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/
url: https://docs.microsoft.com/windows/uwp/apps-for-education/
# Card
- title: Take a test API
summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/take-a-test-api
url: https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api
# Card
- title: Office Education Dev center
summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
url: https://dev.office.com/industry-verticals/edu
url: https://developer.microsoft.com/office/edu
# Card
- title: Data Streamer
summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
url: https://docs.microsoft.com/microsoft-365/education/data-streamer

11
education/includes/education-content-updates.md Normal file
View File

@ -0,0 +1,11 @@
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
## Week of October 19, 2020
| Published On |Topic title | Change |
|------|------------|--------|
| 10/22/2020 | [Microsoft 365 Education Documentation for developers](/education/developers) | modified |
| 10/22/2020 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified |

12
education/windows/windows-editions-for-education-customers.md
View File

@ -30,10 +30,10 @@ Windows 10, version 1607 introduces two editions designed for the unique needs o
Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
For Cortana<sup>[1](#footnote1)</sup>,
For Cortana<sup>[1](#footnote1)</sup>:
- If you're using version 1607, Cortana is removed.
- If you're using new devices with version 1703, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
- If you're using new devices with version 1703 or later, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
@ -49,10 +49,10 @@ Customers who deploy Windows 10 Pro are able to configure the product to have si
Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
For Cortana<sup>1</sup>,
For Cortana<sup>1</sup>:
- If you're using version 1607, Cortana<sup>1</sup> is removed.
- If you're using new devices with version 1703, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
- If you're using new devices with version 1703 or later, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).

92
windows/application-management/apps-in-windows-10.md
View File

@ -39,53 +39,53 @@ You can list all provisioned Windows apps with this PowerShell command:
Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
```
Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909.
Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004.
| Package name | App name | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? |
|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes |
| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App |
| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | |
| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No |
| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.VP9VideoExtensions | | | x | x | x | No |
| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No |
| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No |
| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No |
| Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? |
|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:|
| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes |
| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App |
| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | x | Yes |
| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | x | |
| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | x | No |
| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.VP9VideoExtensions | | | x | x | x | x | No |
| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | x | No |
| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | x | No |
| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | x | No |
| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | x | No |
| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | x | No |
>[!NOTE]
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.

16
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -22,13 +22,10 @@ ms.topic: article
- Windows 10
From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup).
From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
![Remote Desktop Connection client](images/rdp.png)
> [!TIP]
> Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)
## Set up
- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
@ -37,16 +34,18 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
- On the PC you want to connect to:
1. Open system properties for the remote PC.
2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
![Allow remote connections to this computer](images/allow-rdp.png)
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**.
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group.
> [!NOTE]
> You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
> ```PowerShell
> ```powershell
> net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
> ```
> where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
@ -55,12 +54,13 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
> Otherwise this command throws the below error. For example:
> - for cloud only user: "There is no such global user or group : *name*"
> - for synced user: "There is no such global user or group : *name*" </br>
>
> [!NOTE]
> In Windows 10, version 1709, the user does not have to sign in to the remote device first.
>
> In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.

6
windows/client-management/manage-windows-10-in-your-organization-modern-management.md
View File

@ -53,7 +53,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man
With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can:
- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune).
- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/).
- Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages).
@ -69,7 +69,7 @@ You can envision user and device management as falling into these two categories
- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
- For corporate devices, they can set up corporate access with [Azure AD Join](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-overview/). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://blogs.technet.microsoft.com/ad/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/), all from the cloud.<br>Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
- For corporate devices, they can set up corporate access with [Azure AD Join](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-overview/). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.<br>Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
- Likewise, for personal devices, employees can use a new, simplified [BYOD experience](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-windows10-devices/) to add their work account to Windows, then access work resources on the device.
@ -135,6 +135,6 @@ There are a variety of steps you can take to begin the process of modernizing de
## Related topics
- [What is Intune?](https://docs.microsoft.com/intune/introduction-intune)
- [What is Intune?](https://docs.microsoft.com//mem/intune/fundamentals/what-is-intune)
- [Windows 10 Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)
- [Windows 10 Configuration service Providers](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference)

33
windows/client-management/mdm/TOC.md
View File

@ -1,5 +1,6 @@
# [Mobile device management](index.md)
## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md)
### [Change history for MDM documentation](change-history-for-mdm-documentation.md)
## [Mobile device enrollment](mobile-device-enrollment.md)
### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md)
#### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md)
@ -159,14 +160,14 @@
#### [Personalization DDF file](personalization-ddf.md)
### [Policy CSP](policy-configuration-service-provider.md)
#### [Policy DDF file](policy-ddf-file.md)
#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
#### [AboveLock](policy-csp-abovelock.md)
#### [Accounts](policy-csp-accounts.md)
@ -208,6 +209,19 @@
#### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
#### [ADMX_Sharing](policy-csp-admx-sharing.md)
#### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
#### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
#### [ADMX_Snmp](policy-csp-admx-snmp.md)
#### [ADMX_tcpip](policy-csp-admx-tcpip.md)
#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
#### [ADMX_TPM](policy-csp-admx-tpm.md)
#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
#### [ADMX_W32Time](policy-csp-admx-w32time.md)
#### [ADMX_WinCal](policy-csp-admx-wincal.md)
#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
#### [ADMX_WinInit](policy-csp-admx-wininit.md)
#### [ApplicationDefaults](policy-csp-applicationdefaults.md)
#### [ApplicationManagement](policy-csp-applicationmanagement.md)
#### [AppRuntime](policy-csp-appruntime.md)
@ -254,9 +268,11 @@
#### [LanmanWorkstation](policy-csp-lanmanworkstation.md)
#### [Licensing](policy-csp-licensing.md)
#### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)
#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md)
#### [LockDown](policy-csp-lockdown.md)
#### [Maps](policy-csp-maps.md)
#### [Messaging](policy-csp-messaging.md)
#### [MixedReality](policy-csp-mixedreality.md)
#### [MSSecurityGuide](policy-csp-mssecurityguide.md)
#### [MSSLegacy](policy-csp-msslegacy.md)
#### [NetworkIsolation](policy-csp-networkisolation.md)
@ -293,6 +309,7 @@
#### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
#### [WindowsLogon](policy-csp-windowslogon.md)
#### [WindowsPowerShell](policy-csp-windowspowershell.md)
#### [WindowsSandbox](policy-csp-windowssandbox.md)
#### [WirelessDisplay](policy-csp-wirelessdisplay.md)
### [PolicyManager CSP](policymanager-csp.md)
### [Provisioning CSP](provisioning-csp.md)

1
windows/client-management/mdm/accounts-csp.md
View File

@ -52,6 +52,7 @@ This node specifies the username for a new local user account. This setting can
This node specifies the password for a new local user account. This setting can be managed remotely.
Supported operation is Add.
GET operation is not supported. This setting will report as failed when deployed from the Endpoint Manager.
<a href="" id="users-username-localusergroup"></a>**Users/_UserName_/LocalUserGroup**
This optional node specifies the local user group that a local user account should be joined to. If the node is not set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.

5
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a
### Add cloud-based MDM to the app gallery
You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery.
> [!NOTE]
> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application
The following table shows the required information to create an entry in the Azure AD app gallery.
<table>
<colgroup>

1078
windows/client-management/mdm/change-history-for-mdm-documentation.md Normal file
View File

File diff suppressed because it is too large Load Diff

7
windows/client-management/mdm/devicestatus-csp.md
View File

@ -36,9 +36,8 @@ Supported operation is Get.
<a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**
Required. Node for queries on the SIM cards.
> **Note**  Multiple SIMs are supported.
>[!NOTE]
>Multiple SIMs are supported.
<a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>
The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
@ -107,7 +106,7 @@ Supported operation is Get.
Node for the compliance query.
<a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**
Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following:
Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
- 0 - not encrypted
- 1 - encrypted

2
windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
View File

@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
## Enable a policy
> [!NOTE]
> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
1. Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description.
- GP English name

10
windows/client-management/mdm/firewall-csp.md
View File

@ -248,10 +248,10 @@ Sample syncxml to provision the firewall settings to evaluate
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
<a href="" id="localaddressranges"></a>**FirewallRules/*FirewallRuleName*/LocalAddressRanges**
<p style="margin-left: 20px">Comma separated list of local addresses covered by the rule. The default value is &quot;<em>&quot;. Valid tokens include:</p>
<p style="margin-left: 20px">Comma separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:</p>
<ul>
<li>&quot;</em>&quot; indicates any local address. If present, this must be the only token included.</li>
<li>A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.</li>
<li>"*" indicates any local address. If present, this must be the only token included.</li>
<li>A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.</li>
<li>A valid IPv6 address.</li>
<li>An IPv4 address range in the format of &quot;start address - end address&quot; with no spaces included.</li>
<li>An IPv6 address range in the format of &quot;start address - end address&quot; with no spaces included.</li>
@ -260,9 +260,9 @@ Sample syncxml to provision the firewall settings to evaluate
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
<a href="" id="remoteaddressranges"></a>**FirewallRules/*FirewallRuleName*/RemoteAddressRanges**
<p style="margin-left: 20px">List of comma separated tokens specifying the remote addresses covered by the rule. The default value is &quot;<em>&quot;. Valid tokens include:</p>
<p style="margin-left: 20px">List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include:</p>
<ul>
<li>&quot;</em>&quot; indicates any remote address. If present, this must be the only token included.</li>
<li>"*" indicates any remote address. If present, this must be the only token included.</li>
<li>&quot;Defaultgateway&quot;</li>
<li>&quot;DHCP&quot;</li>
<li>&quot;DNS&quot;</li>

2889
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

File diff suppressed because one or more lines are too long

218
windows/client-management/mdm/policy-csps-admx-backed.md → windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -1,6 +1,6 @@
---
title: ADMX-backed policy CSPs
description: ADMX-backed policy CSPs
title: ADMX-backed policies in Policy CSP
description: ADMX-backed policies in Policy CSP
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -9,15 +9,15 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 08/18/2020
ms.date: 10/08/2020
---
# ADMX-backed policy CSPs
# ADMX-backed policies in Policy CSP
> [!div class="op_single_selector"]
>
> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md)
> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
>
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
@ -259,6 +259,212 @@ ms.date: 08/18/2020
- [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
- [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps)
- [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
- [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku)
- [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock)
- [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys)
- [ADMX_Smartcard/AllowTimeInvalidCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-allowtimeinvalidcertificates)
- [ADMX_Smartcard/CertPropEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certpropenabledstring)
- [ADMX_Smartcard/CertPropRootCleanupString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootcleanupstring)
- [ADMX_Smartcard/CertPropRootEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootenabledstring)
- [ADMX_Smartcard/DisallowPlaintextPin](./policy-csp-admx-smartcard.md#admx-smartcard-disallowplaintextpin)
- [ADMX_Smartcard/EnumerateECCCerts](./policy-csp-admx-smartcard.md#admx-smartcard-enumerateecccerts)
- [ADMX_Smartcard/FilterDuplicateCerts](./policy-csp-admx-smartcard.md#admx-smartcard-filterduplicatecerts)
- [ADMX_Smartcard/ForceReadingAllCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-forcereadingallcertificates)
- [ADMX_Smartcard/IntegratedUnblockPromptString](./policy-csp-admx-smartcard.md#admx-smartcard-integratedunblockpromptstring)
- [ADMX_Smartcard/ReverseSubject](./policy-csp-admx-smartcard.md#admx-smartcard-reversesubject)
- [ADMX_Smartcard/SCPnPEnabled](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpenabled)
- [ADMX_Smartcard/SCPnPNotification](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpnotification)
- [ADMX_Smartcard/X509HintsNeeded](./policy-csp-admx-smartcard.md#admx-smartcard-x509hintsneeded)
- [ADMX_Snmp/SNMP_Communities](./policy-csp-admx-snmp.md#admx-snmp-snmp-communities)
- [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers)
- [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public)
- [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)
- [ADMX_tcpip/IPHTTPS_ClientState](./policy-csp-admx-tcpip.md#admx-tcpip-iphttps-clientstate)
- [ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State](./policy-csp-admx-tcpip.md#admx-tcpip-ip-stateless-autoconfiguration-limits-state)
- [ADMX_tcpip/ISATAP_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-router-name)
- [ADMX_tcpip/ISATAP_State](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-state)
- [ADMX_tcpip/Teredo_Client_Port](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-client-port)
- [ADMX_tcpip/Teredo_Default_Qualified](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-default-qualified)
- [ADMX_tcpip/Teredo_Refresh_Rate](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-refresh-rate)
- [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name)
- [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state)
- [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state)
- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails)
- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders)
- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders)
- [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name)
- [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name)
- [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name)
- [ADMX_TPM/IgnoreLocalList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignorelocallist-name)
- [ADMX_TPM/OSManagedAuth_Name](./policy-csp-admx-tpm.md#admx-tpm-osmanagedauth-name)
- [ADMX_TPM/OptIntoDSHA_Name](./policy-csp-admx-tpm.md#admx-tpm-optintodsha-name)
- [ADMX_TPM/StandardUserAuthorizationFailureDuration_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureduration-name)
- [ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name)
- [ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name)
- [ADMX_TPM/UseLegacyDAP_Name](./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name)
- [ADMX_UserExperienceVirtualization/Calculator](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-calculator)
- [ADMX_UserExperienceVirtualization/ConfigureSyncMethod](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configuresyncmethod)
- [ADMX_UserExperienceVirtualization/ConfigureVdi](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configurevdi)
- [ADMX_UserExperienceVirtualization/ContactITDescription](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactitdescription)
- [ADMX_UserExperienceVirtualization/ContactITUrl](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactiturl)
- [ADMX_UserExperienceVirtualization/DisableWin8Sync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewin8sync)
- [ADMX_UserExperienceVirtualization/DisableWindowsOSSettings](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewindowsossettings)
- [ADMX_UserExperienceVirtualization/EnableUEV](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-enableuev)
- [ADMX_UserExperienceVirtualization/Finance](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-finance)
- [ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-firstusenotificationenabled)
- [ADMX_UserExperienceVirtualization/Games](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-games)
- [ADMX_UserExperienceVirtualization/InternetExplorer8](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer8)
- [ADMX_UserExperienceVirtualization/InternetExplorer9](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer9)
- [ADMX_UserExperienceVirtualization/InternetExplorer10](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer10)
- [ADMX_UserExperienceVirtualization/InternetExplorer11](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer11)
- [ADMX_UserExperienceVirtualization/InternetExplorerCommon](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorercommon)
- [ADMX_UserExperienceVirtualization/Maps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maps)
- [ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maxpackagesizeinbytes)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010access)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010common)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010excel)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010infopath)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010lync)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010onenote)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010outlook)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010powerpoint)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010project)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010publisher)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010visio)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010word)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013access)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013accessbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013common)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013commonbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excel)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excelbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopath)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopathbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lync)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lyncbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenote)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenotebackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlook)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlookbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpoint)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013project)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013projectbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisher)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisherbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013uploadcenter)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visio)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visiobackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013word)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013wordbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016access)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016accessbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016common)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016commonbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excel)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excelbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lync)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lyncbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenote)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenotebackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlook)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlookbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpoint)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016project)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016projectbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisher)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisherbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016uploadcenter)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visio)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visiobackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016word)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016wordbackup)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365infopath2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2016)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2013)
- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2016)
- [ADMX_UserExperienceVirtualization/Music](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-music)
- [ADMX_UserExperienceVirtualization/News](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-news)
- [ADMX_UserExperienceVirtualization/Notepad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-notepad)
- [ADMX_UserExperienceVirtualization/Reader](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-reader)
- [ADMX_UserExperienceVirtualization/RepositoryTimeout](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-repositorytimeout)
- [ADMX_UserExperienceVirtualization/SettingsStoragePath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingsstoragepath)
- [ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingstemplatecatalogpath)
- [ADMX_UserExperienceVirtualization/Sports](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-sports)
- [ADMX_UserExperienceVirtualization/SyncEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncenabled)
- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetwork)
- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming)
- [ADMX_UserExperienceVirtualization/SyncProviderPingEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncproviderpingenabled)
- [ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncunlistedwindows8apps)
- [ADMX_UserExperienceVirtualization/Travel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-travel)
- [ADMX_UserExperienceVirtualization/TrayIconEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-trayiconenabled)
- [ADMX_UserExperienceVirtualization/Video](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video)
- [ADMX_UserExperienceVirtualization/Weather](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather)
- [ADMX_UserExperienceVirtualization/Wordpad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad)
- [ADMX_W32Time/W32TIME_POLICY_CONFIG](./policy-csp-admx-w32time.md#admx-w32time-policy-config)
- [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient)
- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient)
- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver)
- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
- [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
- [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
- [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
- [ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurertspproxysettings)
- [ADMX_WindowsMediaPlayer/DisableAutoUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disableautoupdate)
- [ADMX_WindowsMediaPlayer/DisableNetworkSettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablenetworksettings)
- [ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablesetupfirstuseconfiguration)
- [ADMX_WindowsMediaPlayer/DoNotShowAnchor](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-donotshowanchor)
- [ADMX_WindowsMediaPlayer/DontUseFrameInterpolation](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-dontuseframeinterpolation)
- [ADMX_WindowsMediaPlayer/EnableScreenSaver](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-enablescreensaver)
- [ADMX_WindowsMediaPlayer/HidePrivacyTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hideprivacytab)
- [ADMX_WindowsMediaPlayer/HideSecurityTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hidesecuritytab)
- [ADMX_WindowsMediaPlayer/NetworkBuffering](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-networkbuffering)
- [ADMX_WindowsMediaPlayer/PolicyCodecUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-policycodecupdate)
- [ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventcddvdmetadataretrieval)
- [ADMX_WindowsMediaPlayer/PreventLibrarySharing](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventlibrarysharing)
- [ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventmusicfilemetadataretrieval)
- [ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventquicklaunchshortcut)
- [ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventradiopresetsretrieval)
- [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
- [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
- [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
- [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription)
- [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot)
- [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription)
- [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
- [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
- [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)

10
windows/client-management/mdm/policy-csps-supported-by-group-policy.md → windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs supported by Group Policy
description: Policy CSPs supported by Group Policy
title: Policies in Policy CSP supported by Group Policy
description: Policies in Policy CSP supported by Group Policy
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,12 +12,12 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by Group Policy
# Policies in Policy CSP supported by Group Policy
> [!div class="op_single_selector"]
>
> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
>
- [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)

6
windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md → windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 09/17/2019
---
# Policy CSPs supported by HoloLens (1st gen) Commercial Suite
# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
> [!div class="op_single_selector"]
>

6
windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md → windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs supported by HoloLens (1st gen) Development Edition
description: Policy CSPs supported by HoloLens (1st gen) Development Edition
title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by HoloLens (1st gen) Development Edition
# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
> [!div class="op_single_selector"]
>

26
windows/client-management/mdm/policy-csps-supported-by-hololens2.md → windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs supported by HoloLens 2
description: Policy CSPs supported by HoloLens 2
title: Policies in Policy CSP supported by HoloLens 2
description: Policies in Policy CSP supported by HoloLens 2
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -9,10 +9,10 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 05/11/2020
ms.date: 10/08/2020
---
# Policy CSPs supported by HoloLens 2
# Policies in Policy CSP supported by HoloLens 2
> [!div class="op_single_selector"]
>
@ -50,6 +50,17 @@ ms.date: 05/11/2020
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
- [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
- [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
- [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
@ -73,6 +84,8 @@ ms.date: 05/11/2020
- [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) <sup>8</sup>
- [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) <sup>8</sup>
- [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage)
- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage)
- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
- [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
- [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
@ -81,6 +94,10 @@ ms.date: 05/11/2020
- [System/AllowLocation](policy-csp-system.md#system-allowlocation)
- [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
- [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
@ -91,6 +108,7 @@ ms.date: 05/11/2020
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>

6
windows/client-management/mdm/policy-csps-supported-by-iot-core.md → windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs supported by Windows 10 IoT Core
description: Policy CSPs supported by Windows 10 IoT Core
title: Policies in Policy CSP supported by Windows 10 IoT Core
description: Policies in Policy CSP supported by Windows 10 IoT Core
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 09/16/2019
---
# Policy CSPs supported by Windows 10 IoT Core
# Policies in Policy CSP supported by Windows 10 IoT Core
> [!div class="op_single_selector"]
>

6
windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md → windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs supported by Windows 10 IoT Enterprise
description: Policy CSPs supported by Windows 10 IoT Enterprise
title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs supported by Windows 10 IoT Enterprise
# Policies in Policy CSP supported by Windows 10 IoT Enterprise
> [!div class="op_single_selector"]
>

6
windows/client-management/mdm/policy-csps-supported-by-surface-hub.md → windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs supported by Microsoft Surface Hub
description: Policy CSPs supported by Microsoft Surface Hub
title: Policies in Policy CSP supported by Microsoft Surface Hub
description: Policies in Policy CSP supported by Microsoft Surface Hub
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/22/2020
---
# Policy CSPs supported by Microsoft Surface Hub
# Policies in Policy CSP supported by Microsoft Surface Hub
- [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)

6
windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md → windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
View File

@ -1,6 +1,6 @@
---
title: Policy CSPs that can be set using Exchange Active Sync (EAS)
description: Policy CSPs that can be set using Exchange Active Sync (EAS)
title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
# Policy CSPs that can be set using Exchange Active Sync (EAS)
# Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)

767
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -933,7 +933,7 @@ The following diagram shows the Policy configuration service provider in tree fo
<dl>
<dd>
<a href="./policy-csp-admx-scripts.md#admx-scripts-allow-logon-script-netbiosdisabled" id"admx-scripts-allow-logon-script-netbiosdisabled">ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled</a>
<a href="./policy-csp-admx-scripts.md#admx-scripts-allow-logon-script-netbiosdisabled" id="admx-scripts-allow-logon-script-netbiosdisabled">ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled</a>
</dd>
<dd>
<a href="./policy-csp-admx-scripts.md#admx-scripts-maxgposcriptwaitpolicy" id="admx-scripts-maxgposcriptwaitpolicy">ADMX_Scripts/MaxGPOScriptWaitPolicy</a>
@ -1036,6 +1036,689 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_Smartcard policies
<dl>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku" id="admx-smartcard-allowcertificateswithnoeku">ADMX_Smartcard/AllowCertificatesWithNoEKU</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock" id="admx-smartcard-allowintegratedunblock">ADMX_Smartcard/AllowIntegratedUnblock</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys" id="admx-smartcard-allowsignatureonlykeys">ADMX_Smartcard/AllowSignatureOnlyKeys</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-allowtimeinvalidcertificates" id="admx-smartcard-allowtimeinvalidcertificates">ADMX_Smartcard/AllowTimeInvalidCertificates</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-certpropenabledstring" id="admx-smartcard-certpropenabledstring">ADMX_Smartcard/CertPropEnabledString</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-certproprootcleanupstring" id="admx-smartcard-certproprootcleanupstring">ADMX_Smartcard/CertPropRootCleanupString</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-certproprootenabledstring" id="admx-smartcard-certproprootenabledstring">ADMX_Smartcard/CertPropRootEnabledString</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-disallowplaintextpin" id="admx-smartcard-disallowplaintextpin">ADMX_Smartcard/DisallowPlaintextPin</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-enumerateecccerts" id="admx-smartcard-enumerateecccerts">ADMX_Smartcard/EnumerateECCCerts</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-filterduplicatecerts" id="admx-smartcard-filterduplicatecerts">ADMX_Smartcard/FilterDuplicateCerts</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-forcereadingallcertificates" id="admx-smartcard-forcereadingallcertificates">ADMX_Smartcard/ForceReadingAllCertificates</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-integratedunblockpromptstring" id="admx-smartcard-integratedunblockpromptstring">ADMX_Smartcard/IntegratedUnblockPromptString</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-reversesubject" id="admx-smartcard-reversesubject">ADMX_Smartcard/ReverseSubject</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-scpnpenabled" id="admx-smartcard-scpnpenabled">ADMX_Smartcard/SCPnPEnabled</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-scpnpnotification" id="admx-smartcard-scpnpnotification">ADMX_Smartcard/SCPnPNotification</a>
</dd>
<dd>
<a href="./policy-csp-admx-smartcard.md#admx-smartcard-x509hintsneeded" id="admx-smartcard-x509hintsneeded">ADMX_Smartcard/X509HintsNeeded</a>
</dd>
</dl>
## ADMX_Snmp policies
<dl>
<dd>
<a href="./policy-csp-admx-snmp.md#admx-snmp-snmp-communities" id="admx-snmp-snmp-communities">ADMX_Snmp/SNMP_Communities</a>
</dd>
<dd>
<a href="./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers" id="admx-snmp-snmp-permittedmanagers">ADMX_Snmp/SNMP_PermittedManagers</a>
</dd>
<dd>
<a href="./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public" id="admx-snmp-snmp-traps-public">ADMX_Snmp/SNMP_Traps_Public</a>
</dd>
</dl>
## ADMX_tcpip policies
<dl>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name" id="admx-tcpip-6to4-router-name">ADMX_tcpip/6to4_Router_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval" id="admx-tcpip-6to4-router-name-resolution-interval">ADMX_tcpip/6to4_Router_Name_Resolution_Interval</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state" id="admx-tcpip-6to4-state">ADMX_tcpip/6to4_State</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-iphttps-clientstate" id="admx-tcpip-iphttps-clientstate">ADMX_tcpip/IPHTTPS_ClientState</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-ip-stateless-autoconfiguration-limits-state" id="admx-tcpip-ip-stateless-autoconfiguration-limits-state">ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-isatap-router-name" id="admx-tcpip-isatap-router-name">ADMX_tcpip/ISATAP_Router_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-isatap-state" id="admx-tcpip-isatap-state">ADMX_tcpip/ISATAP_State</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-client-port" id="admx-tcpip-teredo-client-port">ADMX_tcpip/Teredo_Client_Port</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-default-qualified" id="admx-tcpip-teredo-default-qualified">ADMX_tcpip/Teredo_Default_Qualified</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-refresh-rate" id="admx-tcpip-teredo-refresh-rate">ADMX_tcpip/Teredo_Refresh_Rate</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name" id="admx-tcpip-teredo-server-name">ADMX_tcpip/Teredo_Server_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state" id="admx-tcpip-teredo-state">ADMX_tcpip/Teredo_State</a>
</dd>
<dd>
<a href="./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state" id="admx-tcpip-windows-scaling-heuristics-state">ADMX_tcpip/Windows_Scaling_Heuristics_State</a>
</dd>
</dl>
## ADMX_Thumbnails policies
<dl>
<dd>
<a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails" id="admx-thumbnails-disablethumbnails">ADMX_Thumbnails/DisableThumbnails</a>
</dd>
<dd>
<a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders" id="admx-thumbnails-disablethumbnailsonnetworkfolders">ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders</a>
</dd>
<dd>
<a href="./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders" id="admx-thumbnails-disablethumbsdbonnetworkfolders">ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders</a>
</dd>
</dl>
### ADMX_TPM policies
<dl>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name" id="admx-tpm-blockedcommandslist-name">ADMX_TPM/BlockedCommandsList_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name" id="admx-tpm-cleartpmifnotready-name">ADMX_TPM/ClearTPMIfNotReady_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name" id="admx-tpm-ignoredefaultlist-name">ADMX_TPM/IgnoreDefaultList_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-ignorelocallist-name" id="admx-tpm-ignorelocallist-name">ADMX_TPM/IgnoreLocalList_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-osmanagedauth-name" id="admx-tpm-osmanagedauth-name">ADMX_TPM/OSManagedAuth_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-optintodsha-name" id="admx-tpm-optintodsha-name">ADMX_TPM/OptIntoDSHA_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureduration-name" id="admx-tpm-standarduserauthorizationfailureduration-name">ADMX_TPM/StandardUserAuthorizationFailureDuration_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name" id="admx-tpm-standarduserauthorizationfailureindividualthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name" id="admx-tpm-standarduserauthorizationfailuretotalthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name</a>
</dd>
<dd>
<a href="./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name" id="admx-tpm-uselegacydap-name">ADMX_TPM/UseLegacyDAP_Name</a>
</dd>
</dl>
### ADMX_UserExperienceVirtualization policies
<dl>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-calculator" id="admx-userexperiencevirtualization-calculator">ADMX_UserExperienceVirtualization/Calculator</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configuresyncmethod" id="admx-userexperiencevirtualization-configuresyncmethod">ADMX_UserExperienceVirtualization/ConfigureSyncMethod</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configurevdi" id="admx-userexperiencevirtualization-configurevdi">ADMX_UserExperienceVirtualization/ConfigureVdi</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactitdescription" id="admx-userexperiencevirtualization-contactitdescription">ADMX_UserExperienceVirtualization/ContactITDescription</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactiturl" id="admx-userexperiencevirtualization-contactiturl">ADMX_UserExperienceVirtualization/ContactITUrl</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewin8sync" id="admx-userexperiencevirtualization-disablewin8sync">ADMX_UserExperienceVirtualization/DisableWin8Sync</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewindowsossettings" id="admx-userexperiencevirtualization-disablewindowsossettings">ADMX_UserExperienceVirtualization/DisableWindowsOSSettings</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-enableuev" id="admx-userexperiencevirtualization-enableuev">ADMX_UserExperienceVirtualization/EnableUEV</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-finance" id="admx-userexperiencevirtualization-finance">ADMX_UserExperienceVirtualization/Finance</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-firstusenotificationenabled" id="admx-userexperiencevirtualization-firstusenotificationenabled">ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-games" id="admx-userexperiencevirtualization-games">ADMX_UserExperienceVirtualization/Games</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer8" id="admx-userexperiencevirtualization-internetexplorer8">ADMX_UserExperienceVirtualization/InternetExplorer8</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer9" id="admx-userexperiencevirtualization-internetexplorer9">ADMX_UserExperienceVirtualization/InternetExplorer9</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer10" id="admx-userexperiencevirtualization-internetexplorer10">ADMX_UserExperienceVirtualization/InternetExplorer10</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer11" id="admx-userexperiencevirtualization-internetexplorer11">ADMX_UserExperienceVirtualization/InternetExplorer11</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorercommon" id="admx-userexperiencevirtualization-internetexplorercommon">ADMX_UserExperienceVirtualization/InternetExplorerCommon</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maps" id="admx-userexperiencevirtualization-maps">ADMX_UserExperienceVirtualization/Maps</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maxpackagesizeinbytes" id="admx-userexperiencevirtualization-maxpackagesizeinbytes">ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010access" id="admx-userexperiencevirtualization-microsoftoffice2010access">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010common" id="admx-userexperiencevirtualization-microsoftoffice2010common">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010excel" id="admx-userexperiencevirtualization-microsoftoffice2010excel">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010infopath" id="admx-userexperiencevirtualization-microsoftoffice2010infopath">ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010lync" id="admx-userexperiencevirtualization-microsoftoffice2010lync">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010onenote" id="admx-userexperiencevirtualization-microsoftoffice2010onenote">ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010outlook" id="admx-userexperiencevirtualization-microsoftoffice2010outlook">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010powerpoint" id="admx-userexperiencevirtualization-microsoftoffice2010powerpoint">ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010project" id="admx-userexperiencevirtualization-microsoftoffice2010project">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010publisher" id="admx-userexperiencevirtualization-microsoftoffice2010publisher">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner" id="admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner">ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace" id="admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace">ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010visio" id="admx-userexperiencevirtualization-microsoftoffice2010visio">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010word" id="admx-userexperiencevirtualization-microsoftoffice2010word">ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013access" id="admx-userexperiencevirtualization-microsoftoffice2013access">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013accessbackup" id="admx-userexperiencevirtualization-microsoftoffice2013accessbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013common" id="admx-userexperiencevirtualization-microsoftoffice2013common">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013commonbackup" id="admx-userexperiencevirtualization-microsoftoffice2013commonbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excel" id="admx-userexperiencevirtualization-microsoftoffice2013excel">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excelbackup" id="admx-userexperiencevirtualization-microsoftoffice2013excelbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopath" id="admx-userexperiencevirtualization-microsoftoffice2013infopath">ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopathbackup" id="admx-userexperiencevirtualization-microsoftoffice2013infopathbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lync" id="admx-userexperiencevirtualization-microsoftoffice2013lync">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lyncbackup" id="admx-userexperiencevirtualization-microsoftoffice2013lyncbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness" id="admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenote" id="admx-userexperiencevirtualization-microsoftoffice2013onenote">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenotebackup" id="admx-userexperiencevirtualization-microsoftoffice2013onenotebackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlook" id="admx-userexperiencevirtualization-microsoftoffice2013outlook">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlookbackup" id="admx-userexperiencevirtualization-microsoftoffice2013outlookbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpoint" id="admx-userexperiencevirtualization-microsoftoffice2013powerpoint">ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup" id="admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013project" id="admx-userexperiencevirtualization-microsoftoffice2013project">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013projectbackup" id="admx-userexperiencevirtualization-microsoftoffice2013projectbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisher" id="admx-userexperiencevirtualization-microsoftoffice2013publisher">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisherbackup" id="admx-userexperiencevirtualization-microsoftoffice2013publisherbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner" id="admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner">ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup" id="admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013uploadcenter" id="admx-userexperiencevirtualization-microsoftoffice2013uploadcenter">ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visio" id="admx-userexperiencevirtualization-microsoftoffice2013visio">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visiobackup" id="admx-userexperiencevirtualization-microsoftoffice2013visiobackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013word" id="admx-userexperiencevirtualization-microsoftoffice2013word">ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013wordbackup" id="admx-userexperiencevirtualization-microsoftoffice2013wordbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016access" id="admx-userexperiencevirtualization-microsoftoffice2016access">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016accessbackup" id="admx-userexperiencevirtualization-microsoftoffice2016accessbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016common" id="admx-userexperiencevirtualization-microsoftoffice2016common">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016commonbackup" id="admx-userexperiencevirtualization-microsoftoffice2016commonbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excel" id="admx-userexperiencevirtualization-microsoftoffice2016excel">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excelbackup" id="admx-userexperiencevirtualization-microsoftoffice2016excelbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lync" id="admx-userexperiencevirtualization-microsoftoffice2016lync">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lyncbackup" id="admx-userexperiencevirtualization-microsoftoffice2016lyncbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness" id="admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenote" id="admx-userexperiencevirtualization-microsoftoffice2016onenote">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenotebackup" id="admx-userexperiencevirtualization-microsoftoffice2016onenotebackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlook" id="admx-userexperiencevirtualization-microsoftoffice2016outlook">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlookbackup" id="admx-userexperiencevirtualization-microsoftoffice2016outlookbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpoint" id="admx-userexperiencevirtualization-microsoftoffice2016powerpoint">ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup" id="admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016project" id="admx-userexperiencevirtualization-microsoftoffice2016project">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016projectbackup" id="admx-userexperiencevirtualization-microsoftoffice2016projectbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisher" id="admx-userexperiencevirtualization-microsoftoffice2016publisher">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisherbackup" id="admx-userexperiencevirtualization-microsoftoffice2016publisherbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016uploadcenter" id="admx-userexperiencevirtualization-microsoftoffice2016uploadcenter">ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visio" id="admx-userexperiencevirtualization-microsoftoffice2016visio">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visiobackup" id="admx-userexperiencevirtualization-microsoftoffice2016visiobackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016word" id="admx-userexperiencevirtualization-microsoftoffice2016word">ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016wordbackup" id="admx-userexperiencevirtualization-microsoftoffice2016wordbackup">ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2013" id="admx-userexperiencevirtualization-microsoftoffice365access2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2016" id="admx-userexperiencevirtualization-microsoftoffice365access2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2013" id="admx-userexperiencevirtualization-microsoftoffice365common2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2016" id="admx-userexperiencevirtualization-microsoftoffice365common2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2013" id="admx-userexperiencevirtualization-microsoftoffice365excel2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2016" id="admx-userexperiencevirtualization-microsoftoffice365excel2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365infopath2013" id="admx-userexperiencevirtualization-microsoftoffice365infopath2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2013" id="admx-userexperiencevirtualization-microsoftoffice365lync2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2016" id="admx-userexperiencevirtualization-microsoftoffice365lync2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2013" id="admx-userexperiencevirtualization-microsoftoffice365onenote2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2016" id="admx-userexperiencevirtualization-microsoftoffice365onenote2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2013" id="admx-userexperiencevirtualization-microsoftoffice365outlook2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2016" id="admx-userexperiencevirtualization-microsoftoffice365outlook2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2013" id="admx-userexperiencevirtualization-microsoftoffice365powerpoint2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2016" id="admx-userexperiencevirtualization-microsoftoffice365powerpoint2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2013" id="admx-userexperiencevirtualization-microsoftoffice365project2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2016" id="admx-userexperiencevirtualization-microsoftoffice365project2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2013" id="admx-userexperiencevirtualization-microsoftoffice365publisher2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2016" id="admx-userexperiencevirtualization-microsoftoffice365publisher2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013" id="admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2013" id="admx-userexperiencevirtualization-microsoftoffice365visio2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2016" id="admx-userexperiencevirtualization-microsoftoffice365visio2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2013" id="admx-userexperiencevirtualization-microsoftoffice365word2013">ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2016" id="admx-userexperiencevirtualization-microsoftoffice365word2016">ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-music" id="admx-userexperiencevirtualization-music">ADMX_UserExperienceVirtualization/Music</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-news" id="admx-userexperiencevirtualization-news">ADMX_UserExperienceVirtualization/News</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-notepad" id="admx-userexperiencevirtualization-notepad">ADMX_UserExperienceVirtualization/Notepad</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-reader" id="admx-userexperiencevirtualization-reader">ADMX_UserExperienceVirtualization/Reader</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-repositorytimeout" id="admx-userexperiencevirtualization-repositorytimeout">ADMX_UserExperienceVirtualization/RepositoryTimeout</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingsstoragepath" id="admx-userexperiencevirtualization-settingsstoragepath">ADMX_UserExperienceVirtualization/SettingsStoragePath</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingstemplatecatalogpath" id="admx-userexperiencevirtualization-settingstemplatecatalogpath">ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-sports" id="admx-userexperiencevirtualization-sports">ADMX_UserExperienceVirtualization/Sports</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncenabled" id="admx-userexperiencevirtualization-syncenabled">ADMX_UserExperienceVirtualization/SyncEnabled</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetwork" id="admx-userexperiencevirtualization-syncovermeterednetwork">ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming" id="admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming">ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncproviderpingenabled" id="admx-userexperiencevirtualization-syncproviderpingenabled">ADMX_UserExperienceVirtualization/SyncProviderPingEnabled</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncunlistedwindows8apps" id="admx-userexperiencevirtualization-syncunlistedwindows8apps">ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-travel" id="admx-userexperiencevirtualization-travel">ADMX_UserExperienceVirtualization/Travel</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-trayiconenabled" id="admx-userexperiencevirtualization-trayiconenabled">ADMX_UserExperienceVirtualization/TrayIconEnabled</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video" id="admx-userexperiencevirtualization-video">ADMX_UserExperienceVirtualization/Video</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather" id="admx-userexperiencevirtualization-weather">ADMX_UserExperienceVirtualization/Weather</a>
</dd>
<dd>
<a href="./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad" id="admx-userexperiencevirtualization-wordpad">ADMX_UserExperienceVirtualization/Wordpad</a>
</dd>
</dl>
### ADMX_W32Time policies
<dl>
<dd>
<a href="./policy-csp-admx-w32time.md#admx-w32time-policy-config" id="admx-w32time-policy-config">ADMX_W32Time/W32TIME_POLICY_CONFIG</a>
</dd>
<dd>
<a href="./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient" id="admx-w32time-policy-configure-ntpclient">ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT</a>
</dd>
<dd>
<a href="./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient" id="admx-w32time-policy-enable-ntpclient">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT</a>
</dd>
<dd>
<a href="./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver" id="admx-w32time-policy-enable-ntpserver">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER</a>
</dd>
</dl>
### ADMX_WinCal policies
<dl>
<dd>
<a href="./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1" id="admx-wincal-turnoffwincal-1">ADMX_WinCal/TurnOffWinCal_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2" id="admx-wincal-turnoffwincal-2">ADMX_WinCal/TurnOffWinCal_2</a>
</dd>
</dl>
### ADMX_WindowsAnytimeUpgrade policies
<dl>
<dd>
<a href="./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled" id="admx-windowsanytimeupgrade-disabled">ADMX_WindowsAnytimeUpgrade/Disabled</a>
</dd>
</dl>
## ADMX_WindowsConnectNow policies
<dl>
<dd>
<a href="./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1" id="admx-windowsconnectnow-wcn-disablewcnui-1">ADMX_WindowsConnectNow/WCN_DisableWcnUi_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2" id="admx-windowsconnectnow-wcn-disablewcnui-2">ADMX_WindowsConnectNow/WCN_DisableWcnUi_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar" id="admx-windowsconnectnow-wcn-enableregistrar">ADMX_WindowsConnectNow/WCN_EnableRegistrar</a>
</dd>
</dl>
### ADMX_WindowsMediaDRM policies
<dl>
<dd>
<a href="./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline" id="admx-windowsmediadrm-disableonline">ADMX_WindowsMediaDRM/DisableOnline</a>
</dd>
</dl>
### ADMX_WindowsMediaPlayer policies
<dl>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings" id="admx-windowsmediaplayer-configurehttpproxysettings">ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings" id="admx-windowsmediaplayer-configuremmsproxysettings">ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurertspproxysettings" id="admx-windowsmediaplayer-configurertspproxysettings">ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disableautoupdate" id="admx-windowsmediaplayer-disableautoupdate">ADMX_WindowsMediaPlayer/DisableAutoUpdate</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablenetworksettings" id="admx-windowsmediaplayer-disablenetworksettings">ADMX_WindowsMediaPlayer/DisableNetworkSettings</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablesetupfirstuseconfiguration" id="admx-windowsmediaplayer-disablesetupfirstuseconfiguration">ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-donotshowanchor" id="admx-windowsmediaplayer-donotshowanchor">ADMX_WindowsMediaPlayer/DoNotShowAnchor</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-dontuseframeinterpolation" id="admx-windowsmediaplayer-dontuseframeinterpolation">ADMX_WindowsMediaPlayer/DontUseFrameInterpolation</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-enablescreensaver" id="admx-windowsmediaplayer-enablescreensaver">ADMX_WindowsMediaPlayer/EnableScreenSaver</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hideprivacytab" id="admx-windowsmediaplayer-hideprivacytab">ADMX_WindowsMediaPlayer/HidePrivacyTab</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hidesecuritytab" id="admx-windowsmediaplayer-hidesecuritytab">ADMX_WindowsMediaPlayer/HideSecurityTab</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-networkbuffering" id="admx-windowsmediaplayer-networkbuffering">ADMX_WindowsMediaPlayer/NetworkBuffering</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-policycodecupdate" id="admx-windowsmediaplayer-policycodecupdate">ADMX_WindowsMediaPlayer/PolicyCodecUpdate</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventcddvdmetadataretrieval" id="admx-windowsmediaplayer-preventcddvdmetadataretrieval">ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventlibrarysharing" id="admx-windowsmediaplayer-preventlibrarysharing">ADMX_WindowsMediaPlayer/PreventLibrarySharing</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventmusicfilemetadataretrieval" id="admx-windowsmediaplayer-preventmusicfilemetadataretrieval">ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventquicklaunchshortcut" id="admx-windowsmediaplayer-preventquicklaunchshortcut">ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventradiopresetsretrieval" id="admx-windowsmediaplayer-preventradiopresetsretrieval">ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut" id="admx-windowsmediaplayer-preventwmpdesktopshortcut">ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown" id="admx-windowsmediaplayer-skinlockdown">ADMX_WindowsMediaPlayer/SkinLockDown</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols" id="admx-windowsmediaplayer-windowsstreamingmediaprotocols">ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols</a>
</dd>
</dl>
### ADMX_WinInit policies
<dl>
<dd>
<a href="./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription" id="admx-wininit-disablenamedpipeshutdownpolicydescription">ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription</a>
</dd>
<dd>
<a href="./policy-csp-admx-wininit.md#admx-wininit-hiberboot" id="admx-wininit-hiberboot">ADMX_WinInit/Hiberboot</a>
</dd>
<dd>
<a href="./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription" id="admx-wininit-shutdowntimeouthungsessionsdescription">ADMX_WinInit/ShutdownTimeoutHungSessionsDescription</a>
</dd>
</dl>
### ApplicationDefaults policies
<dl>
@ -3323,7 +4006,13 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### LocalUsersAndGroups policies
<dl>
<dd>
<a href="./policy-csp-localusersandgroups.md#localusersandgroups-configure" id="localusersandgroups-configure">LocalUsersAndGroups/Configure</a>
</dd>
</dl>
### LockDown policies
@ -3352,6 +4041,26 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### MixedReality policies
<dl>
<dd>
<a href="./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays" id="mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
</dd>
<dd>
<a href="./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled" id="mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
</dd>
<dd>
<a href="./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics" id="mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
</dd>
<dd>
<a href="./policy-csp-mixedreality.md#mixedreality-microphonedisabled" id="mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
</dd>
<dd>
<a href="./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled" id="mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
</dd>
</dl>
### MSSecurityGuide policies
<dl>
@ -4516,6 +5225,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-update.md#update-disabledualscan" id="update-disabledualscan">Update/DisableDualScan</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-disablewufbsafeguards" id="update-disablewufbsafeguards">Update/DisableWUfBSafeguards</a>
</dd>
<dd>
<a href="./policy-csp-update.md#update-engagedrestartdeadline" id="update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
</dd>
@ -4872,6 +5584,29 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### WindowsSandbox policies
<dl>
<dd>
<a href="./policy-csp-windowssandbox.md#windowssandbox-allowaudioinput" id="windowssandbox-allowaudioinput">WindowsSandbox/AllowAudioInput</a>
</dd>
<dd>
<a href="./policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection" id="windowssandbox-allowclipboardredirection">WindowsSandbox/AllowClipboardRedirection</a>
</dd>
<dd>
<a href="./policy-csp-windowssandbox.md#windowssandbox-allownetworking" id="windowssandbox-allownetworking">WindowsSandbox/AllowNetworking</a>
</dd>
<dd>
<a href="./policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection" id="windowssandbox-allowprinterredirection">WindowsSandbox/AllowPrinterRedirection</a>
</dd>
<dd>
<a href="./policy-csp-windowssandbox.md#windowssandbox-allowvgpu" id="windowssandbox-allowvgpu">WindowsSandbox/AllowVGPU</a>
</dd>
<dd>
<a href="./policy-csp-windowssandbox.md#windowssandbox-allowvideoinput" id="windowssandbox-allowvideoinput">WindowsSandbox/AllowVideoInput</a>
</dd>
</dl>
### WirelessDisplay policies
<dl>
@ -4901,27 +5636,27 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
## Policy CSPs supported by Group Policy and ADMX-backed policy CSPs
- [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
- [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
## Policies in Policy CSP supported by Group Policy and ADMX-backed policies in Policy CSP
- [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
- [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
> [!NOTE]
> Not all Policy CSPs supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
## Policy CSPs supported by HoloLens devices
- [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
- [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
- [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
## Policies in Policy CSP supported by HoloLens devices
- [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
## Policy CSPs supported by Windows 10 IoT
- [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
- [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
## Policies in Policy CSP supported by Windows 10 IoT
- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
- [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
## Policy CSPs supported by Microsoft Surface Hub
- [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
## Policies in Policy CSP supported by Microsoft Surface Hub
- [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
## Policy CSPs that can be set using Exchange ActiveSync (EAS)
- [Policy CSPs that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
## Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)
- [Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
## Related topics

4
windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
View File

@ -97,7 +97,7 @@ For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Sc
<!--ADMXBacked-->
ADMX Info:
- GP English name: *SSL Cipher Suite Order*
- GP name: *Functions*
- GP name: *SSLCipherSuiteOrder*
- GP path: *Network/SSL Configuration Settings*
- GP ADMX file name: *CipherSuiteOrder.admx*
@ -180,7 +180,7 @@ CertUtil.exe -DisplayEccCurve
<!--ADMXBacked-->
ADMX Info:
- GP English name: *ECC Curve Order*
- GP name: *EccCurves*
- GP name: *SSLCurveOrder*
- GP path: *Network/SSL Configuration Settings*
- GP ADMX file name: *CipherSuiteOrder.admx*

4
windows/client-management/mdm/policy-csp-admx-com.md
View File

@ -99,7 +99,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Download missing COM components*
- GP name: *COMClassStore*
- GP name: *AppMgmt_COM_SearchForCLSID_1*
- GP path: *System*
- GP ADMX file name: *COM.admx*
@ -174,7 +174,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Download missing COM components*
- GP name: *COMClassStore*
- GP name: *AppMgmt_COM_SearchForCLSID_2*
- GP path: *System*
- GP ADMX file name: *COM.admx*

4
windows/client-management/mdm/policy-csp-admx-digitallocker.md
View File

@ -96,7 +96,7 @@ If you disable or do not configure this setting, Digital Locker can be run.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow Digital Locker to run*
- GP name: *DoNotRunDigitalLocker*
- GP name: *Digitalx_DiableApplication_TitleText_1*
- GP path: *Windows Components/Digital Locker*
- GP ADMX file name: *DigitalLocker.admx*
@ -167,7 +167,7 @@ If you disable or do not configure this setting, Digital Locker can be run.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow Digital Locker to run*
- GP name: *DoNotRunDigitalLocker*
- GP name: *Digitalx_DiableApplication_TitleText_2*
- GP path: *Windows Components/Digital Locker*
- GP ADMX file name: *DigitalLocker.admx*

12
windows/client-management/mdm/policy-csp-admx-dwm.md
View File

@ -109,7 +109,7 @@ If you disable or do not configure this policy setting, the default internal col
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify a default color*
- GP name: *DefaultColorizationColorState*
- GP name: *DwmDefaultColorizationColor_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*
@ -182,7 +182,7 @@ If you disable or do not configure this policy setting, the default internal col
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify a default color*
- GP name: *DefaultColorizationColorState*
- GP name: *DwmDefaultColorizationColor_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*
@ -253,7 +253,7 @@ Changing this policy setting requires a logoff for it to be applied.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow window animations*
- GP name: *DisallowAnimations*
- GP name: *DwmDisallowAnimations_1*
- GP path: *Windows Components/Desktop Window Manager*
- GP ADMX file name: *DWM.admx*
@ -324,7 +324,7 @@ Changing this policy setting requires a logoff for it to be applied.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow window animations*
- GP name: *DisallowAnimations*
- GP name: *DwmDisallowAnimations_2*
- GP path: *Windows Components/Desktop Window Manager*
- GP ADMX file name: *DWM.admx*
@ -396,7 +396,7 @@ If you disable or do not configure this policy setting, you allow users to chang
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow color changes*
- GP name: *DisallowColorizationColorChanges*
- GP name: *DwmDisallowColorizationColorChanges_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*
@ -468,7 +468,7 @@ If you disable or do not configure this policy setting, you allow users to chang
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow color changes*
- GP name: *DisallowColorizationColorChanges*
- GP name: *DwmDisallowColorizationColorChanges_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*

2
windows/client-management/mdm/policy-csp-admx-eventforwarding.md
View File

@ -97,7 +97,7 @@ This setting applies across all subscriptions for the forwarder (source computer
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure forwarder resource usage*
- GP name: *MaxForwardingRate*
- GP name: *ForwarderResourceUsage*
- GP path: *Windows Components/Event Forwarding*
- GP ADMX file name: *EventForwarding.admx*

2
windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
View File

@ -94,7 +94,7 @@ By default, the RPC protocol message between File Server VSS provider and File S
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.*
- GP name: *EncryptProtocol*
- GP name: *Pol_EncryptProtocol*
- GP path: *System/File Share Shadow Copy Provider*
- GP ADMX file name: *FileServerVSSProvider.admx*

12
windows/client-management/mdm/policy-csp-admx-filesys.md
View File

@ -106,7 +106,7 @@ Available in Windows 10 Insider Preview Build 20185. Compression can add to the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow compression on all NTFS volumes*
- GP name: *NtfsDisableCompression*
- GP name: *DisableCompression*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -237,7 +237,7 @@ Available in Windows 10 Insider Preview Build 20185. Encryption can add to the p
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow encryption on all NTFS volumes*
- GP name: *NtfsDisableEncryption*
- GP name: *DisableEncryption*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -300,7 +300,7 @@ Available in Windows 10 Insider Preview Build 20185. Encrypting the page file pr
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable NTFS pagefile encryption*
- GP name: *NtfsEncryptPagingFile*
- GP name: *EnablePagefileEncryption*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -428,7 +428,7 @@ If you enable short names on all volumes then short names will always be generat
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Short name creation options*
- GP name: *NtfsDisable8dot3NameCreation*
- GP name: *ShortNameCreationSettings*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -502,7 +502,7 @@ For more information, refer to the Windows Help section.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Selectively allow the evaluation of a symbolic link*
- GP name: *SymlinkLocalToLocalEvaluation*
- GP name: *SymlinkEvaluation*
- GP path: *System/Filesystem*
- GP ADMX file name: *FileSys.admx*
@ -565,7 +565,7 @@ Available in Windows 10 Insider Preview Build 20185. TXF deprecated features inc
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable / disable TXF deprecated features*
- GP name: *NtfsEnableTxfDeprecatedFunctionality*
- GP name: *TxfDeprecatedFunctionality*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*

8
windows/client-management/mdm/policy-csp-admx-folderredirection.md
View File

@ -329,7 +329,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths*
- GP name: *LocalizeXPRelativePaths_1*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*
@ -401,7 +401,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths*
- GP name: *LocalizeXPRelativePaths_2*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*
@ -474,7 +474,7 @@ If you disable or do not configure this policy setting and the user has redirect
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputerEnabledFR*
- GP name: *PrimaryComputer_FR_1*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*
@ -547,7 +547,7 @@ If you disable or do not configure this policy setting and the user has redirect
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputerEnabledFR*
- GP name: *PrimaryComputer_FR_2*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*

6
windows/client-management/mdm/policy-csp-admx-help.md
View File

@ -185,7 +185,7 @@ For additional options, see the "Restrict these programs from being launched fro
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict potentially unsafe HTML Help functions to specified folders*
- GP name: *HelpQualifiedRootDir*
- GP name: *HelpQualifiedRootDir_Comp*
- GP path: *System*
- GP ADMX file name: *Help.admx*
@ -259,7 +259,7 @@ If you disable or do not configure this policy setting, users can run all applic
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict these programs from being launched from Help*
- GP name: *DisableInHelp*
- GP name: *RestrictRunFromHelp*
- GP path: *System*
- GP ADMX file name: *Help.admx*
@ -332,7 +332,7 @@ If you disable or do not configure this policy setting, users can run all applic
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict these programs from being launched from Help*
- GP name: *DisableInHelp*
- GP name: *RestrictRunFromHelp_Comp*
- GP path: *System*
- GP ADMX file name: *Help.admx*

8
windows/client-management/mdm/policy-csp-admx-helpandsupport.md
View File

@ -100,7 +100,7 @@ If you disable or do not configure this policy setting, the default behavior app
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Active Help*
- GP name: *NoActiveHelp*
- GP name: *ActiveHelp*
- GP path: *Windows Components/Online Assistance*
- GP ADMX file name: *HelpAndSupport.admx*
@ -171,7 +171,7 @@ Users can use the control to provide feedback on the quality and usefulness of t
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Help Ratings*
- GP name: *NoExplicitFeedback*
- GP name: *HPExplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
- GP ADMX file name: *HelpAndSupport.admx*
@ -239,7 +239,7 @@ If you disable or do not configure this policy setting, users can turn on the He
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Help Experience Improvement Program*
- GP name: *NoImplicitFeedback*
- GP name: *HPImplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
- GP ADMX file name: *HelpAndSupport.admx*
@ -308,7 +308,7 @@ If you disable or do not configure this policy setting, users can access online
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Windows Online*
- GP name: *NoOnlineAssist*
- GP name: *HPOnlineAssistance*
- GP path: *System/Internet Communication Management/Internet Communication settings*
- GP ADMX file name: *HelpAndSupport.admx*

8
windows/client-management/mdm/policy-csp-admx-kdc.md
View File

@ -133,7 +133,7 @@ Impact on domain controller performance when this policy setting is enabled:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *KDC support for claims, compound authentication and Kerberos armoring*
- GP name: *EnableCbacAndArmor*
- GP name: *CbacAndArmor*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*
@ -204,7 +204,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use forest search order*
- GP name: *UseForestSearch*
- GP name: *ForestSearch*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*
@ -420,7 +420,7 @@ If you disable or do not configure this policy setting, the threshold value defa
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Warning for large Kerberos tickets*
- GP name: *EnableTicketSizeThreshold*
- GP name: *TicketSizeThreshold*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*
@ -494,7 +494,7 @@ If you disable or do not configure this policy setting, the domain controller do
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Provide information about previous logons to client computers*
- GP name: *EmitLILI*
- GP name: *emitlili*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*

8
windows/client-management/mdm/policy-csp-admx-lanmanserver.md
View File

@ -116,7 +116,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Cipher suite order*
- GP name: *CipherSuiteOrder*
- GP name: *Pol_CipherSuiteOrder*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*
@ -199,7 +199,7 @@ In circumstances where this policy setting is enabled, you can also select the f
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Hash Publication for BranchCache*
- GP name: *HashPublicationForPeerCaching*
- GP name: *Pol_HashPublication*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*
@ -286,7 +286,7 @@ Hash version supported:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Hash Version support for BranchCache*
- GP name: *HashSupportVersion*
- GP name: *Pol_HashSupportVersion*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*
@ -358,7 +358,7 @@ If you disable or do not configure this policy setting, the SMB server will sele
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Honor cipher suite order*
- GP name: *HonorCipherSuiteOrder*
- GP name: *Pol_HonorCipherSuiteOrder*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*

4
windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
View File

@ -96,7 +96,7 @@ If you disable or do not configure this policy setting, the default behavior of
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Mapper I/O (LLTDIO) driver*
- GP name: *EnableLLTDIO*
- GP name: *LLTD_EnableLLTDIO*
- GP path: *Network/Link-Layer Topology Discovery*
- GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
@ -167,7 +167,7 @@ If you disable or do not configure this policy setting, the default behavior for
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Responder (RSPNDR) driver*
- GP name: *EnableRspndr*
- GP name: *LLTD_EnableRspndr*
- GP path: *Network/Link-Layer Topology Discovery*
- GP ADMX file name: *LinkLayerTopologyDiscovery.admx*

10
windows/client-management/mdm/policy-csp-admx-mmc.md
View File

@ -113,7 +113,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *ActiveX Control*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveXControl*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMC.admx*
@ -192,7 +192,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Extended View (Web View)*
- GP name: *Restrict_Run*
- GP name: *MMC_ExtendView*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMC.admx*
@ -271,7 +271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Link to Web Address*
- GP name: *Restrict_Run*
- GP name: *MMC_LinkToWeb*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMC.admx*
@ -344,7 +344,7 @@ If you disable this setting or do not configure it, users can enter author mode
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict the user from entering author mode*
- GP name: *RestrictAuthorMode*
- GP name: *MMC_Restrict_Author*
- GP path: *Windows Components\Microsoft Management Console*
- GP ADMX file name: *MMC.admx*
@ -422,7 +422,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict users to the explicitly permitted list of snap-ins*
- GP name: *RestrictToPermittedSnapins*
- GP name: *MMC_Restrict_To_Permitted_Snapins*
- GP path: *Windows Components\Microsoft Management Console*
- GP ADMX file name: *MMC.admx*

210
windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
View File

@ -408,7 +408,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -485,7 +485,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -563,7 +563,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -641,7 +641,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -719,7 +719,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *ADSI Edit*
- GP name: *Restrict_Run*
- GP name: *MMC_ADSI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -797,7 +797,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Active Directory Domains and Trusts*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveDirDomTrusts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -875,7 +875,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Active Directory Sites and Services*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveDirSitesServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -953,7 +953,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Active Directory Users and Computers*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveDirUsersComp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1031,7 +1031,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *AppleTalk Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_AppleTalkRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1109,7 +1109,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Authorization Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_AuthMan*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1187,7 +1187,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certification Authority*
- GP name: *Restrict_Run*
- GP name: *MMC_CertAuth*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1264,7 +1264,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certification Authority Policy Settings*
- GP name: *Restrict_Run*
- GP name: *MMC_CertAuthPolSet*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1341,7 +1341,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certificates*
- GP name: *Restrict_Run*
- GP name: *MMC_Certs*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1418,7 +1418,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certificate Templates*
- GP name: *Restrict_Run*
- GP name: *MMC_CertsTemplate*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1495,7 +1495,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Component Services*
- GP name: *Restrict_Run*
- GP name: *MMC_ComponentServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1572,7 +1572,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Computer Management*
- GP name: *Restrict_Run*
- GP name: *MMC_ComputerManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1649,7 +1649,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Connection Sharing (NAT)*
- GP name: *Restrict_Run*
- GP name: *MMC_ConnectionSharingNAT*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1726,7 +1726,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *DCOM Configuration Extension*
- GP name: *Restrict_Run*
- GP name: *MMC_DCOMCFG*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1803,7 +1803,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Distributed File System*
- GP name: *Restrict_Run*
- GP name: *MMC_DFS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1880,7 +1880,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *DHCP Relay Management*
- GP name: *Restrict_Run*
- GP name: *MMC_DHCPRelayMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1957,7 +1957,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Device Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_DeviceManager_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2034,7 +2034,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Device Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_DeviceManager_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2111,7 +2111,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Disk Defragmenter*
- GP name: *Restrict_Run*
- GP name: *MMC_DiskDefrag*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2188,7 +2188,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Disk Management*
- GP name: *Restrict_Run*
- GP name: *MMC_DiskMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2265,7 +2265,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enterprise PKI*
- GP name: *Restrict_Run*
- GP name: *MMC_EnterprisePKI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2342,7 +2342,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2419,7 +2419,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer (Windows Vista)*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2496,7 +2496,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_3*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2573,7 +2573,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer (Windows Vista)*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_4*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2651,7 +2651,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer (Windows Vista)*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2728,7 +2728,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *FAX Service*
- GP name: *Restrict_Run*
- GP name: *MMC_FAXService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2805,7 +2805,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Failover Clusters Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_FailoverClusters*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2882,7 +2882,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Folder Redirection*
- GP name: *Restrict_Run*
- GP name: *MMC_FolderRedirection_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -2959,7 +2959,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Folder Redirection*
- GP name: *Restrict_Run*
- GP name: *MMC_FolderRedirection_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -3036,7 +3036,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *FrontPage Server Extensions*
- GP name: *Restrict_Run*
- GP name: *MMC_FrontPageExt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3113,7 +3113,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Group Policy Management*
- GP name: *Restrict_Run*
- GP name: *MMC_GroupPolicyManagementSnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -3190,7 +3190,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Group Policy Object Editor*
- GP name: *Restrict_Run*
- GP name: *MMC_GroupPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -3269,7 +3269,7 @@ When the Group Policy tab is inaccessible, it does not appear in the site, domai
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Group Policy tab for Active Directory Tools*
- GP name: *Restrict_Run*
- GP name: *MMC_GroupPolicyTab*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -3346,7 +3346,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Health Registration Authority (HRA)*
- GP name: *Restrict_Run*
- GP name: *MMC_HRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3423,7 +3423,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Authentication Service (IAS)*
- GP name: *Restrict_Run*
- GP name: *MMC_IAS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3500,7 +3500,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IAS Logging*
- GP name: *Restrict_Run*
- GP name: *MMC_IASLogging*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3577,7 +3577,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Explorer Maintenance*
- GP name: *Restrict_Run*
- GP name: *MMC_IEMaintenance_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -3654,7 +3654,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Explorer Maintenance*
- GP name: *Restrict_Run*
- GP name: *MMC_IEMaintenance_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -3731,7 +3731,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IGMP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IGMPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3808,7 +3808,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Information Services*
- GP name: *Restrict_Run*
- GP name: *MMC_IIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3885,7 +3885,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3962,7 +3962,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Security Policy Management*
- GP name: *Restrict_Run*
- GP name: *MMC_IPSecManage_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -4039,7 +4039,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPX RIP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPXRIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4116,7 +4116,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPX Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPXRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4193,7 +4193,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPX SAP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPXSAPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4270,7 +4270,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Indexing Service*
- GP name: *Restrict_Run*
- GP name: *MMC_IndexingService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4347,7 +4347,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Security Policy Management*
- GP name: *Restrict_Run*
- GP name: *MMC_IpSecManage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4424,7 +4424,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Security Monitor*
- GP name: *Restrict_Run*
- GP name: *MMC_IpSecMonitor*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4501,7 +4501,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Local Users and Groups*
- GP name: *Restrict_Run*
- GP name: *MMC_LocalUsersGroups*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4578,7 +4578,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Logical and Mapped Drives*
- GP name: *Restrict_Run*
- GP name: *MMC_LogicalMappedDrives*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4655,7 +4655,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Network Policy Server (NPS)*
- GP name: *Restrict_Run*
- GP name: *MMC_NPSUI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4732,7 +4732,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *NAP Client Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_NapSnap*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4809,7 +4809,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *NAP Client Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_NapSnap_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -4886,7 +4886,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *.Net Framework Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_Net_Framework*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4963,7 +4963,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Online Responder*
- GP name: *Restrict_Run*
- GP name: *MMC_OCSP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5040,7 +5040,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *OSPF Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_OSPFRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5117,7 +5117,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Performance Logs and Alerts*
- GP name: *Restrict_Run*
- GP name: *MMC_PerfLogsAlerts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5194,7 +5194,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Public Key Policies*
- GP name: *Restrict_Run*
- GP name: *MMC_PublicKey*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5271,7 +5271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *QoS Admission Control*
- GP name: *Restrict_Run*
- GP name: *MMC_QoSAdmission*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5348,7 +5348,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *RAS Dialin - User Node*
- GP name: *Restrict_Run*
- GP name: *MMC_RAS_DialinUser*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5425,7 +5425,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *RIP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_RIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5502,7 +5502,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Installation Services*
- GP name: *Restrict_Run*
- GP name: *MMC_RIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -5579,7 +5579,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Routing and Remote Access*
- GP name: *Restrict_Run*
- GP name: *MMC_RRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5656,7 +5656,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Removable Storage Management*
- GP name: *Restrict_Run*
- GP name: *MMC_RSM*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5733,7 +5733,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Removable Storage*
- GP name: *Restrict_Run*
- GP name: *MMC_RemStore*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5810,7 +5810,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Access*
- GP name: *Restrict_Run*
- GP name: *MMC_RemoteAccess*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5887,7 +5887,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Desktops*
- GP name: *Restrict_Run*
- GP name: *MMC_RemoteDesktop*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5964,7 +5964,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Resultant Set of Policy snap-in*
- GP name: *Restrict_Run*
- GP name: *MMC_ResultantSetOfPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -6041,7 +6041,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_Routing*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6118,7 +6118,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Configuration and Analysis*
- GP name: *Restrict_Run*
- GP name: *MMC_SCA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6195,7 +6195,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *SMTP Protocol*
- GP name: *Restrict_Run*
- GP name: *MMC_SMTPProtocol*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6272,7 +6272,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *SNMP*
- GP name: *Restrict_Run*
- GP name: *MMC_SNMP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6349,7 +6349,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Startup/Shutdown)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsMachine_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6426,7 +6426,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Startup/Shutdown)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsMachine_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6503,7 +6503,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Logon/Logoff)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsUser_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6580,7 +6580,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Logon/Logoff)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsUser_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6657,7 +6657,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Settings*
- GP name: *Restrict_Run*
- GP name: *MMC_SecuritySettings_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6734,7 +6734,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Settings*
- GP name: *Restrict_Run*
- GP name: *MMC_SecuritySettings_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6811,7 +6811,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Templates*
- GP name: *Restrict_Run*
- GP name: *MMC_SecurityTemplates*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6888,7 +6888,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Send Console Message*
- GP name: *Restrict_Run*
- GP name: *MMC_SendConsoleMessage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6965,7 +6965,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Server Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_ServerManager*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7042,7 +7042,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Service Dependencies*
- GP name: *Restrict_Run*
- GP name: *MMC_ServiceDependencies*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7119,7 +7119,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Services*
- GP name: *Restrict_Run*
- GP name: *MMC_Services*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7196,7 +7196,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Shared Folders*
- GP name: *Restrict_Run*
- GP name: *MMC_SharedFolders*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7273,7 +7273,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Shared Folders Ext*
- GP name: *Restrict_Run*
- GP name: *MMC_SharedFolders_Ext*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7350,7 +7350,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstalationComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7427,7 +7427,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstalationComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7504,7 +7504,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstallationUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7581,7 +7581,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstallationUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7658,7 +7658,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *System Information*
- GP name: *Restrict_Run*
- GP name: *MMC_SysInfo*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7735,7 +7735,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *System Properties*
- GP name: *Restrict_Run*
- GP name: *MMC_SysProp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7812,7 +7812,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *TPM Management*
- GP name: *Restrict_Run*
- GP name: *MMC_TPMManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7889,7 +7889,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Telephony*
- GP name: *Restrict_Run*
- GP name: *MMC_Telephony*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7966,7 +7966,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Desktop Services Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_TerminalServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8043,7 +8043,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *WMI Control*
- GP name: *Restrict_Run*
- GP name: *MMC_WMI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8120,7 +8120,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Windows Firewall with Advanced Security*
- GP name: *Restrict_Run*
- GP name: *MMC_WindowsFirewall*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8197,7 +8197,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Windows Firewall with Advanced Security*
- GP name: *Restrict_Run*
- GP name: *MMC_WindowsFirewall_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -8274,7 +8274,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Wired Network (IEEE 802.3) Policies*
- GP name: *Restrict_Run*
- GP name: *MMC_WiredNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -8351,7 +8351,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Wireless Monitor*
- GP name: *Restrict_Run*
- GP name: *MMC_WirelessMon*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8428,7 +8428,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Wireless Network (IEEE 802.11) Policies*
- GP name: *Restrict_Run*
- GP name: *MMC_WirelessNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*

2
windows/client-management/mdm/policy-csp-admx-msapolicy.md
View File

@ -93,7 +93,7 @@ By default, this setting is Disabled. This setting does not affect whether users
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Block all consumer Microsoft account user authentication*
- GP name: *DisableUserAuth*
- GP name: *MicrosoftAccount_DisableUserAuth*
- GP path: *Windows Components\Microsoft account*
- GP ADMX file name: *MSAPolicy.admx*

8
windows/client-management/mdm/policy-csp-admx-nca.md
View File

@ -122,7 +122,7 @@ You must configure this setting to have complete NCA functionality.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Corporate Resources*
- GP name: *Probe*
- GP name: *CorporateResources*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*
@ -187,7 +187,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting specifi
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Custom Commands*
- GP name: *CustomCommand*
- GP name: *CustomCommands*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*
@ -258,7 +258,7 @@ You must configure this setting to have complete NCA functionality.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPsec Tunnel Endpoints*
- GP name: *DTE*
- GP name: *DTEs*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*
@ -401,7 +401,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prefer Local Names Allowed*
- GP name: *NamePreferenceAllowed*
- GP name: *LocalNamesOn*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*

14
windows/client-management/mdm/policy-csp-admx-ncsi.md
View File

@ -105,7 +105,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enable
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate DNS probe host address*
- GP name: *DnsProbeContent*
- GP name: *NCSI_CorpDnsProbeContent*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -170,7 +170,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate DNS probe host name*
- GP name: *DnsProbeHost*
- GP name: *NCSI_CorpDnsProbeHost*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -235,7 +235,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate site prefix list*
- GP name: *SitePrefixes*
- GP name: *NCSI_CorpSitePrefixes*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -300,7 +300,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate Website probe URL*
- GP name: *WebProbeUrl*
- GP name: *NCSI_CorpWebProbeUrl*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -368,7 +368,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify domain location determination URL*
- GP name: *DomainLocationDeterminationUrl*
- GP name: *NCSI_DomainLocationDeterminationUrl*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -433,7 +433,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify global DNS*
- GP name: *UseGlobalDns*
- GP name: *NCSI_GlobalDns*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -498,7 +498,7 @@ Available in Windows 10 Insider Preview Build 20185. This Policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify passive polling*
- GP name: *DisablePassivePolling*
- GP name: *NCSI_PassivePolling*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*

70
windows/client-management/mdm/policy-csp-admx-netlogon.md
View File

@ -201,7 +201,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify address lookup behavior for DC locator ping*
- GP name: *AddressLookupOnPingBehavior*
- GP name: *Netlogon_AddressLookupOnPingBehavior*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -274,7 +274,7 @@ If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Return domain controller address type*
- GP name: *AddressTypeReturned*
- GP name: *Netlogon_AddressTypeReturned*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -347,7 +347,7 @@ If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.*
- GP name: *AllowDnsSuffixSearch*
- GP name: *Netlogon_AllowDnsSuffixSearch*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -422,7 +422,7 @@ If you do not configure this policy setting, Net Logon will not allow the negoti
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow cryptography algorithms compatible with Windows NT 4.0*
- GP name: *AllowNT4Crypto*
- GP name: *Netlogon_AllowNT4Crypto*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -497,7 +497,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC*
- GP name: *AllowSingleLabelDnsDomain*
- GP name: *Netlogon_AllowSingleLabelDnsDomain*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -570,7 +570,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use automated site coverage by the DC Locator DNS SRV Records*
- GP name: *AutoSiteCoverage*
- GP name: *Netlogon_AutoSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -646,7 +646,7 @@ If you disable this policy setting, the DC location algorithm can use NetBIOS-ba
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails*
- GP name: *AvoidFallbackNetbiosDiscovery*
- GP name: *Netlogon_AvoidFallbackNetbiosDiscovery*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -721,7 +721,7 @@ If you do not configure this policy setting, it is not applied to any DCs.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Contact PDC on logon failure*
- GP name: *AvoidPdcOnWan*
- GP name: *Netlogon_AvoidPdcOnWan*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -799,7 +799,7 @@ If the value of this setting is less than the value specified in the NegativeCac
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use initial DC discovery retry setting for background callers*
- GP name: *BackgroundRetryInitialPeriod*
- GP name: *Netlogon_BackgroundRetryInitialPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -879,7 +879,7 @@ If the value for this setting is too small and the DC is not available, the freq
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use maximum DC discovery retry interval setting for background callers*
- GP name: *BackgroundRetryMaximumPeriod*
- GP name: *Netlogon_BackgroundRetryMaximumPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -951,7 +951,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use final DC discovery retry setting for background callers*
- GP name: *BackgroundRetryQuitTime*
- GP name: *Netlogon_BackgroundRetryQuitTime*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1018,7 +1018,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting determi
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use positive periodic DC cache refresh for background callers*
- GP name: *BackgroundSuccessfulRefreshPeriod*
- GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1093,7 +1093,7 @@ If you disable this policy setting or do not configure it, the default behavior
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify log file debug output level*
- GP name: *dbFlag*
- GP name: *Netlogon_DebugFlag*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1192,7 +1192,7 @@ If you do not configure this policy setting, DCs use their local configuration.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify DC Locator DNS records not registered by the DCs*
- GP name: *DnsAvoidRegisterRecords*
- GP name: *Netlogon_DnsAvoidRegisterRecords*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1268,7 +1268,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify Refresh Interval of the DC Locator DNS records*
- GP name: *DnsRefreshInterval*
- GP name: *Netlogon_DnsRefreshInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1344,7 +1344,7 @@ A reboot is not required for changes to this setting to take effect.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use lowercase DNS host names when registering domain controller SRV records*
- GP name: *DnsSrvRecordUseLowerCaseHostNames*
- GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1414,7 +1414,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set TTL in the DC Locator DNS Records*
- GP name: *DnsTtl*
- GP name: *Netlogon_DnsTtl*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1485,7 +1485,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify expected dial-up delay on logon*
- GP name: *ExpectedDialupDelay*
- GP name: *Netlogon_ExpectedDialupDelay*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1560,7 +1560,7 @@ If you do not configure this policy setting, Force Rediscovery will be used by d
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Force Rediscovery Interval*
- GP name: *ForceRediscoveryInterval*
- GP name: *Netlogon_ForceRediscoveryInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1633,7 +1633,7 @@ If you do not configure this policy setting, it is not applied to any GCs, and G
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify sites covered by the GC Locator DNS SRV Records*
- GP name: *GcSiteCoverage*
- GP name: *Netlogon_GcSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1709,7 +1709,7 @@ If you disable or do not configure this policy setting, this DC processes incomi
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names*
- GP name: *IgnoreIncomingMailslotMessages*
- GP name: *Netlogon_IgnoreIncomingMailslotMessages*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1782,7 +1782,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Priority in the DC Locator DNS SRV records*
- GP name: *LdapSrvPriority*
- GP name: *Netlogon_LdapSrvPriority*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1855,7 +1855,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Weight in the DC Locator DNS SRV records*
- GP name: *LdapSrvWeight*
- GP name: *Netlogon_LdapSrvWeight*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1926,7 +1926,7 @@ If you disable or do not configure this policy setting, the default behavior occ
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify maximum log file size*
- GP name: *MaximumLogFileSize*
- GP name: *Netlogon_MaximumLogFileSize*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1999,7 +1999,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify sites covered by the application directory partition DC Locator DNS SRV records*
- GP name: *NdncSiteCoverage*
- GP name: *Netlogon_NdncSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -2071,7 +2071,7 @@ The default value for this setting is 45 seconds. The maximum value for this set
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify negative DC Discovery cache setting*
- GP name: *NegativeCachePeriod*
- GP name: *Netlogon_NegativeCachePeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2149,7 +2149,7 @@ If you enable this policy setting, domain administrators should ensure that the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Netlogon share compatibility*
- GP name: *AllowExclusiveScriptsShareAccess*
- GP name: *Netlogon_NetlogonShareCompatibilityMode*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2218,7 +2218,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify positive periodic DC Cache refresh for non-background callers*
- GP name: *NonBackgroundSuccessfulRefreshPeriod*
- GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2296,7 +2296,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use urgent mode when pinging domain controllers*
- GP name: *PingUrgencyMode*
- GP name: *Netlogon_PingUrgencyMode*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2373,7 +2373,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set scavenge interval*
- GP name: *ScavengeInterval*
- GP name: *Netlogon_ScavengeInterval*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2446,7 +2446,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify sites covered by the DC Locator DNS SRV records*
- GP name: *SiteCoverage*
- GP name: *Netlogon_SiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -2519,7 +2519,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify site name*
- GP name: *SiteName*
- GP name: *Netlogon_SiteName*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2597,7 +2597,7 @@ If you enable this policy setting, domain administrators should ensure that the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set SYSVOL share compatibility*
- GP name: *AllowExclusiveSysvolShareAccess*
- GP name: *Netlogon_SysvolShareCompatibilityMode*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2672,7 +2672,7 @@ If you do not configure this policy setting, Try Next Closest Site DC Location w
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Try Next Closest Site*
- GP name: *TryNextClosestSite*
- GP name: *Netlogon_TryNextClosestSite*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -2745,7 +2745,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify dynamic registration of the DC Locator DNS Records*
- GP name: *UseDynamicDns*
- GP name: *Netlogon_UseDynamicDns*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*

94
windows/client-management/mdm/policy-csp-admx-offlinefiles.md
View File

@ -228,7 +228,7 @@ If you disable this setting or do not configure it, the system asks users whethe
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Subfolders always available offline*
- GP name: *AlwaysPinSubFolders*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -302,7 +302,7 @@ If you do not configure this policy setting, no files or folders are made availa
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify administratively assigned Offline Files*
- GP name: *AssignedOfflineFolders*
- GP name: *Pol_AssignedOfflineFiles_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -376,7 +376,7 @@ If you do not configure this policy setting, no files or folders are made availa
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify administratively assigned Offline Files*
- GP name: *AssignedOfflineFolders*
- GP name: *Pol_AssignedOfflineFiles_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -447,7 +447,7 @@ If you disable or do not configure this policy setting, Windows performs a backg
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Background Sync*
- GP name: *BackgroundSyncEnabled*
- GP name: *Pol_BackgroundSyncSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -528,7 +528,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Limit disk space used by Offline Files*
- GP name: *CacheQuotaLimitUnpinned*
- GP name: *Pol_CacheSize*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -612,7 +612,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_CustomGoOfflineActions_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -696,7 +696,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_CustomGoOfflineActions_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -776,7 +776,7 @@ If you do not configure this setting, disk space for automatically cached files
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Default cache size*
- GP name: *DefCacheSize*
- GP name: *Pol_DefCacheSize*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -850,7 +850,7 @@ If you do not configure this policy setting, Offline Files is enabled on Windows
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow or Disallow use of the Offline Files feature*
- GP name: *Enabled*
- GP name: *Pol_Enabled*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -927,7 +927,7 @@ This setting is applied at user logon. If this setting is changed after user log
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Encrypt the Offline Files cache*
- GP name: *EncryptCache*
- GP name: *Pol_EncryptOfflineFiles*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1007,7 +1007,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event logging level*
- GP name: *EventLoggingLevel*
- GP name: *Pol_EventLoggingLevel_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1087,7 +1087,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event logging level*
- GP name: *EventLoggingLevel*
- GP name: *Pol_EventLoggingLevel_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1156,7 +1156,7 @@ If you disable or do not configure this policy setting, a user can create a file
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable file screens*
- GP name: *ExcludedFileTypes*
- GP name: *Pol_ExclusionListSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1230,7 +1230,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Files not cached*
- GP name: *ExcludeExtensions*
- GP name: *Pol_ExtExclusionList*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1314,7 +1314,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_GoOfflineAction_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1398,7 +1398,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_GoOfflineAction_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1472,7 +1472,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent use of Offline Files folder*
- GP name: *NoCacheViewer*
- GP name: *Pol_NoCacheViewer_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1546,7 +1546,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent use of Offline Files folder*
- GP name: *NoCacheViewer*
- GP name: *Pol_NoCacheViewer_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1620,7 +1620,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prohibit user configuration of Offline Files*
- GP name: *NoConfigCache*
- GP name: *Pol_NoConfigCache_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1694,7 +1694,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prohibit user configuration of Offline Files*
- GP name: *NoConfigCache*
- GP name: *Pol_NoConfigCache_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1767,7 +1767,7 @@ If you disable or do not configure this policy setting, users can manually speci
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" command*
- GP name: *NoMakeAvailableOffline*
- GP name: *Pol_NoMakeAvailableOffline_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1840,7 +1840,7 @@ If you disable or do not configure this policy setting, users can manually speci
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" command*
- GP name: *NoMakeAvailableOffline*
- GP name: *Pol_NoMakeAvailableOffline_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1917,7 +1917,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" for these files and folders*
- GP name: *NoMakeAvailableOfflineList*
- GP name: *Pol_NoPinFiles_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1994,7 +1994,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" for these files and folders*
- GP name: *NoMakeAvailableOfflineList*
- GP name: *Pol_NoPinFiles_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2074,7 +2074,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off reminder balloons*
- GP name: *NoReminders*
- GP name: *Pol_NoReminders_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2154,7 +2154,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off reminder balloons*
- GP name: *NoReminders*
- GP name: *Pol_NoReminders_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2227,7 +2227,7 @@ If you disable or do not configure this policy setting, remote files will be not
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Transparent Caching*
- GP name: *OnlineCachingLatencyThreshold*
- GP name: *Pol_OnlineCachingSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2298,7 +2298,7 @@ If you disable this setting or do not configure it, the system asks users whethe
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Subfolders always available offline*
- GP name: *AlwaysPinSubFolders*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2370,7 +2370,7 @@ If you disable this setting or do not configure it, automatically and manually c
<!--ADMXBacked-->
ADMX Info:
- GP English name: *At logoff, delete local copy of users offline files*
- GP name: *PurgeOnlyAutoCacheAtLogoff*
- GP name: *Pol_PurgeAtLogoff*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2439,7 +2439,7 @@ If you disable this policy setting, all administratively assigned folders are sy
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on economical application of administratively assigned Offline Files*
- GP name: *EconomicalAdminPinning*
- GP name: *Pol_QuickAdimPin*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2513,7 +2513,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon frequency*
- GP name: *ReminderFreqMinutes*
- GP name: *Pol_ReminderFreq_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2587,7 +2587,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon frequency*
- GP name: *ReminderFreqMinutes*
- GP name: *Pol_ReminderFreq_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2656,7 +2656,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Initial reminder balloon lifetime*
- GP name: *InitialBalloonTimeoutSeconds*
- GP name: *Pol_ReminderInitTimeout_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2725,7 +2725,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Initial reminder balloon lifetime*
- GP name: *InitialBalloonTimeoutSeconds*
- GP name: *Pol_ReminderInitTimeout_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2794,7 +2794,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon lifetime*
- GP name: *ReminderBalloonTimeoutSeconds*
- GP name: *Pol_ReminderTimeout_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2863,7 +2863,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon lifetime*
- GP name: *ReminderBalloonTimeoutSeconds*
- GP name: *Pol_ReminderTimeout_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2942,7 +2942,7 @@ If you disable this policy setting, computers will not use the slow-link mode.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure slow-link mode*
- GP name: *SlowLinkEnabled*
- GP name: *Pol_SlowLinkSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3016,7 +3016,7 @@ If this setting is disabled or not configured, the default threshold value of 64
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Slow link speed*
- GP name: *SlowLinkSpeed*
- GP name: *Pol_SlowLinkSpeed*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3094,7 +3094,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files before logging off*
- GP name: *SyncAtLogoff*
- GP name: *Pol_SyncAtLogoff_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3172,7 +3172,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files before logging off*
- GP name: *SyncAtLogoff*
- GP name: *Pol_SyncAtLogoff_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3250,7 +3250,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files when logging on*
- GP name: *SyncAtLogon*
- GP name: *Pol_SyncAtLogon_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3330,7 +3330,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files when logging on*
- GP name: *SyncAtLogon*
- GP name: *Pol_SyncAtLogon_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3402,7 +3402,7 @@ If you disable or do not configuring this setting, files are not synchronized wh
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize offline files before suspend*
- GP name: *SyncAtSuspend*
- GP name: *Pol_SyncAtSuspend_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3474,7 +3474,7 @@ If you disable or do not configuring this setting, files are not synchronized wh
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize offline files before suspend*
- GP name: *SyncAtSuspend*
- GP name: *Pol_SyncAtSuspend_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3543,7 +3543,7 @@ If this setting is disabled or not configured, synchronization will not run in t
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable file synchronization on costed networks*
- GP name: *SyncEnabledForCostedNetwork*
- GP name: *Pol_SyncOnCostedNetwork*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3612,7 +3612,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Work offline" command*
- GP name: *WorkOfflineDisabled*
- GP name: *Pol_WorkOfflineDisabled_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3681,7 +3681,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Work offline" command*
- GP name: *WorkOfflineDisabled*
- GP name: *Pol_WorkOfflineDisabled_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*

18
windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
View File

@ -125,7 +125,7 @@ Select one of the following:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on BranchCache*
- GP name: *Enable*
- GP name: *EnableWindowsBranchCache*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -203,7 +203,7 @@ Select one of the following:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set BranchCache Distributed Cache mode*
- GP name: *Enable*
- GP name: *EnableWindowsBranchCache_Distributed*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -287,7 +287,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set BranchCache Hosted Cache mode*
- GP name: *Location*
- GP name: *EnableWindowsBranchCache_Hosted*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -374,7 +374,7 @@ Select one of the following:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Automatic Hosted Cache Discovery by Service Connection Point*
- GP name: *SCPDiscoveryEnabled*
- GP name: *EnableWindowsBranchCache_HostedCacheDiscovery*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -457,7 +457,7 @@ In circumstances where this setting is enabled, you can also select and configur
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Hosted Cache Servers*
- GP name: *MultipleServers*
- GP name: *EnableWindowsBranchCache_HostedMultipleServers*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -534,7 +534,7 @@ In circumstances where this policy setting is enabled, you can also select and c
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure BranchCache for network files*
- GP name: *PeerCachingLatencyThreshold*
- GP name: *EnableWindowsBranchCache_SMB*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -618,7 +618,7 @@ In circumstances where this setting is enabled, you can also select and configur
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set percentage of disk space used for client computer cache*
- GP name: *SizePercent*
- GP name: *SetCachePercent*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -699,7 +699,7 @@ In circumstances where this setting is enabled, you can also select and configur
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set age for segments in the data cache*
- GP name: *SegmentTTL*
- GP name: *SetDataCacheEntryMaxAge*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -783,7 +783,7 @@ Select from the following versions
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Client BranchCache Version Support*
- GP name: *PreferredContentInformationVersion*
- GP name: *SetDowngrading*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*

8
windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
View File

@ -108,7 +108,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_1*
- GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*
@ -185,7 +185,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_2*
- GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*
@ -262,7 +262,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_3*
- GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*
@ -339,7 +339,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_4*
- GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*

8
windows/client-management/mdm/policy-csp-admx-reliability.md
View File

@ -105,7 +105,7 @@ If you do not configure this policy setting, the Persistent System Timestamp is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Persistent Time Stamp*
- GP name: *TimeStampEnabled*
- GP name: *EE_EnablePersistentTimeStamp*
- GP path: *System*
- GP ADMX file name: *Reliability.admx*
@ -180,7 +180,7 @@ Also see the "Configure Error Reporting" policy setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Report unplanned shutdown events*
- GP name: *IncludeShutdownErrs*
- GP name: *PCH_ReportShutdownEvents*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
- GP ADMX file name: *Reliability.admx*
@ -258,7 +258,7 @@ If you do not configure this policy setting, the default behavior for the System
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Activate Shutdown Event Tracker System State Data feature*
- GP name: *SnapShot*
- GP name: *ShutdownEventTrackerStateFile*
- GP path: *System*
- GP ADMX file name: *Reliability.admx*
@ -338,7 +338,7 @@ If you do not configure this policy setting, the default behavior for the Shutdo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display Shutdown Event Tracker*
- GP name: *ShutdownReasonOn*
- GP name: *ShutdownReason*
- GP path: *System*
- GP ADMX file name: *Reliability.admx*

24
windows/client-management/mdm/policy-csp-admx-scripts.md
View File

@ -124,7 +124,7 @@ If you disable or do not configure this policy setting, user account cross-fores
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow logon scripts when NetBIOS or WINS is disabled*
- GP name: *Allow-LogonScript-NetbiosDisabled*
- GP name: *Allow_Logon_Script_NetbiosDisabled*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -199,7 +199,7 @@ If you disable or do not configure this setting the system lets the combined set
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify maximum wait time for Group Policy scripts*
- GP name: *MaxGPOScriptWait*
- GP name: *MaxGPOScriptWaitPolicy*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -291,7 +291,7 @@ Within GPO C: C.cmd, C.ps1
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run Windows PowerShell scripts first at computer startup, shutdown*
- GP name: *RunComputerPSScriptsFirst*
- GP name: *Run_Computer_PS_Scripts_First*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -364,7 +364,7 @@ Also, see the "Run Logon Scripts Visible" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run legacy logon scripts hidden*
- GP name: *HideLegacyLogonScripts*
- GP name: *Run_Legacy_Logon_Script_Hidden*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -435,7 +435,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in logoff scripts as they run*
- GP name: *HideLogoffScripts*
- GP name: *Run_Logoff_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -506,7 +506,7 @@ This policy setting appears in the Computer Configuration and User Configuration
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run logon scripts synchronously*
- GP name: *RunLogonScriptSync*
- GP name: *Run_Logon_Script_Sync_1*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -577,7 +577,7 @@ This policy setting appears in the Computer Configuration and User Configuration
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run logon scripts synchronously*
- GP name: *RunLogonScriptSync*
- GP name: *Run_Logon_Script_Sync_2*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -648,7 +648,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in logon scripts as they run*
- GP name: *HideLogonScripts*
- GP name: *Run_Logon_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -719,7 +719,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in shutdown scripts as they run*
- GP name: *HideShutdownScripts*
- GP name: *Run_Shutdown_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -793,7 +793,7 @@ If you disable or do not configure this policy setting, a startup cannot run unt
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run startup scripts asynchronously*
- GP name: *RunStartupScriptSync*
- GP name: *Run_Startup_Script_Sync*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -867,7 +867,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in startup scripts as they run*
- GP name: *HideStartupScripts*
- GP name: *Run_Startup_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -962,7 +962,7 @@ This policy setting appears in the Computer Configuration and User Configuration
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run Windows PowerShell scripts first at user logon, logoff*
- GP name: *RunUserPSScriptsFirst*
- GP name: *Run_User_PS_Scripts_First*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*

6
windows/client-management/mdm/policy-csp-admx-sdiageng.md
View File

@ -97,7 +97,7 @@ If you disable this policy setting, users can only access and search troubleshoo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)*
- GP name: *EnableQueryRemoteServer*
- GP name: *BetterWhenConnected*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
- GP ADMX file name: *sdiageng.admx*
@ -168,7 +168,7 @@ Note that this setting also controls a user's ability to launch standalone troub
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards*
- GP name: *EnableDiagnostics*
- GP name: *ScriptedDiagnosticsExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
- GP ADMX file name: *sdiageng.admx*
@ -237,7 +237,7 @@ If you disable or do not configure this policy setting, the scripted diagnostics
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Security Policy for Scripted Diagnostics*
- GP name: *ValidateTrust*
- GP name: *ScriptedDiagnosticsSecurityPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
- GP ADMX file name: *sdiageng.admx*

2
windows/client-management/mdm/policy-csp-admx-securitycenter.md
View File

@ -103,7 +103,7 @@ In Windows Vista, this policy setting monitors essential security settings to in
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Security Center (Domain PCs only)*
- GP name: *SecurityCenterInDomain*
- GP name: *SecurityCenter_SecurityCenterInDomain*
- GP path: *Windows Components\Security Center*
- GP ADMX file name: *Securitycenter.admx*

2
windows/client-management/mdm/policy-csp-admx-servicing.md
View File

@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, or if the required files
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify settings for optional component installation and component repair*
- GP name: *RepairContentServerSource*
- GP name: *Servicing*
- GP path: *System*
- GP ADMX file name: *Servicing.admx*

6
windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
View File

@ -174,7 +174,7 @@ To prevent users from using other administrative tools, use the "Run only specif
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent access to registry editing tools*
- GP name: *DisableRegistryTools*
- GP name: *DisableRegedit*
- GP path: *System*
- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
@ -250,7 +250,7 @@ This policy setting only prevents users from running programs that are started b
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Don't run specified Windows applications*
- GP name: *DisallowRun*
- GP name: *DisallowApps*
- GP path: *System*
- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
@ -325,7 +325,7 @@ This policy setting only prevents users from running programs that are started b
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run only specified Windows applications*
- GP name: *RestrictRun*
- GP name: *RestrictApps*
- GP path: *System*
- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*

1229
windows/client-management/mdm/policy-csp-admx-smartcard.md Normal file
View File

File diff suppressed because it is too large Load Diff

290
windows/client-management/mdm/policy-csp-admx-snmp.md Normal file
View File

@ -0,0 +1,290 @@
---
title: Policy CSP - ADMX_Snmp
description: Policy CSP - ADMX_Snmp
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/24/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_Snmp
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_Snmp policies
<dl>
<dd>
<a href="#admx-snmp-snmp-communities">ADMX_Snmp/SNMP_Communities</a>
</dd>
<dd>
<a href="#admx-snmp-snmp-permittedmanagers">ADMX_Snmp/SNMP_PermittedManagers</a>
</dd>
<dd>
<a href="#admx-snmp-snmp-traps-public">ADMX_Snmp/SNMP_Traps_Public</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-snmp-snmp-communities"></a>**ADMX_Snmp/SNMP_Communities**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.
If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.
If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.
> [!NOTE]
> - It is good practice to use a cryptic community name.
> - This policy setting has no effect if the SNMP agent is not installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify communities*
- GP name: *SNMP_Communities*
- GP path: *Network\SNMP*
- GP ADMX file name: *Snmp.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-snmp-snmp-permittedmanagers"></a>**ADMX_Snmp/SNMP_PermittedManagers**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.
If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.
If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.
> [!NOTE]
> This policy setting has no effect if the SNMP agent is not installed on the client computer.
Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify permitted managers*
- GP name: *SNMP_PermittedManagers*
- GP path: *Network\SNMP*
- GP ADMX file name: *Snmp.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-snmp-snmp-traps-public"></a>**ADMX_Snmp/SNMP_Traps_Public**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.
If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.
If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
> [!NOTE]
> This setting has no effect if the SNMP agent is not installed on the client computer.
Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify traps for public community*
- GP name: *SNMP_Traps_Public*
- GP path: *Network\SNMP*
- GP ADMX file name: *Snmp.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

1011
windows/client-management/mdm/policy-csp-admx-tcpip.md Normal file
View File

File diff suppressed because it is too large Load Diff

264
windows/client-management/mdm/policy-csp-admx-thumbnails.md Normal file
View File

@ -0,0 +1,264 @@
---
title: Policy CSP - ADMX_Thumbnails
description: Policy CSP - ADMX_Thumbnails
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/25/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_Thumbnails
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_Thumbnails policies
<dl>
<dd>
<a href="#admx-thumbnails-disablethumbnails">ADMX_Thumbnails/DisableThumbnails</a>
</dd>
<dd>
<a href="#admx-thumbnails-disablethumbnailsonnetworkfolders">ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders</a>
</dd>
<dd>
<a href="#admx-thumbnails-disablethumbsdbonnetworkfolders">ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-thumbnails-disablethumbnails"></a>**ADMX_Thumbnails/DisableThumbnails**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
File Explorer displays thumbnail images by default.
If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.
If you disable or do not configure this policy setting, File Explorer displays only thumbnail images.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off the display of thumbnails and only display icons.*
- GP name: *DisableThumbnails*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Thumbnails.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-thumbnails-disablethumbnailsonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
File Explorer displays thumbnail images on network folders by default.
If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off the display of thumbnails and only display icons on network folders*
- GP name: *DisableThumbnailsOnNetworkFolders*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Thumbnails.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-thumbnails-disablethumbsdbonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Turns off the caching of thumbnails in hidden thumbs.db files.
This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
If you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files.
If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off the caching of thumbnails in hidden thumbs.db files*
- GP name: *DisableThumbsDBOnNetworkFolders*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Thumbnails.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

803
windows/client-management/mdm/policy-csp-admx-tpm.md Normal file
View File

@ -0,0 +1,803 @@
---
title: Policy CSP - ADMX_TPM
description: Policy CSP - ADMX_TPM
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/25/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_TPM
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_TPM policies
<dl>
<dd>
<a href="#admx-tpm-blockedcommandslist-name">ADMX_TPM/BlockedCommandsList_Name</a>
</dd>
<dd>
<a href="#admx-tpm-cleartpmifnotready-name">ADMX_TPM/ClearTPMIfNotReady_Name</a>
</dd>
<dd>
<a href="#admx-tpm-ignoredefaultlist-name">ADMX_TPM/IgnoreDefaultList_Name</a>
</dd>
<dd>
<a href="#admx-tpm-ignorelocallist-name">ADMX_TPM/IgnoreLocalList_Name</a>
</dd>
<dd>
<a href="#admx-tpm-osmanagedauth-name">ADMX_TPM/OSManagedAuth_Name</a>
</dd>
<dd>
<a href="#admx-tpm-optintodsha-name">ADMX_TPM/OptIntoDSHA_Name</a>
</dd>
<dd>
<a href="#admx-tpm-standarduserauthorizationfailureduration-name">ADMX_TPM/StandardUserAuthorizationFailureDuration_Name</a>
</dd>
<dd>
<a href="#admx-tpm-standarduserauthorizationfailureindividualthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name</a>
</dd>
<dd>
<a href="#admx-tpm-standarduserauthorizationfailuretotalthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name</a>
</dd>
<dd>
<a href="#admx-tpm-uselegacydap-name">ADMX_TPM/UseLegacyDAP_Name</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-blockedcommandslist-name"></a>**ADMX_TPM/BlockedCommandsList_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure the list of blocked TPM commands*
- GP name: *BlockedCommandsList_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-cleartpmifnotready-name"></a>**ADMX_TPM/ClearTPMIfNotReady_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the systems TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
- GP name: *ClearTPMIfNotReady_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-ignoredefaultlist-name"></a>**ADMX_TPM/IgnoreDefaultList_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.
The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.
If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Ignore the default list of blocked TPM commands*
- GP name: *IgnoreDefaultList_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-ignorelocallist-name"></a>**ADMX_TPM/IgnoreLocalList_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.
If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Ignore the local list of blocked TPM commands*
- GP name: *IgnoreLocalList_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-osmanagedauth-name"></a>**ADMX_TPM/OSManagedAuth_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.
Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used.
Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
Choose the operating system managed TPM authentication setting of "None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications.
> [!NOTE]
> If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure the level of TPM owner authorization information available to the operating system*
- GP name: *OSManagedAuth_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-optintodsha-name"></a>**ADMX_TPM/OptIntoDSHA_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Device Health Attestation Monitoring and Reporting*
- GP name: *OptIntoDSHA_Name*
- GP path: *System\Device Health Attestation Service*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-standarduserauthorizationfailureduration-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than this duration are ignored.
For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
If this value is not configured, a default value of 480 minutes (8 hours) is used.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Standard User Lockout Duration*
- GP name: *StandardUserAuthorizationFailureDuration_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-standarduserauthorizationfailureindividualthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
If this value is not configured, a default value of 4 is used.
A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Standard User Individual Lockout Threshold*
- GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-standarduserauthorizationfailuretotalthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
If this value is not configured, a default value of 9 is used.
A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Standard User Total Lockout Threshold*
- GP name: *StandardUserAuthorizationFailureTotalThreshold_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-tpm-uselegacydap-name"></a>**ADMX_TPM/UseLegacyDAP_Name**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
- GP name: *UseLegacyDAP_Name*
- GP path: *System\Trusted Platform Module Services*
- GP ADMX file name: *TPM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

9476
windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md Normal file
View File

File diff suppressed because it is too large Load Diff

429
windows/client-management/mdm/policy-csp-admx-w32time.md Normal file
View File

@ -0,0 +1,429 @@
---
title: Policy CSP - ADMX_W32Time
description: Policy CSP - ADMX_W32Time
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/28/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_W32Time
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_W32Time policies
<dl>
<dd>
<a href="#admx-w32time-policy-config">ADMX_W32Time/W32TIME_POLICY_CONFIG</a>
</dd>
<dd>
<a href="#admx-w32time-policy-configure-ntpclient">ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT</a>
</dd>
<dd>
<a href="#admx-w32time-policy-enable-ntpclient">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT</a>
</dd>
<dd>
<a href="#admx-w32time-policy-enable-ntpserver">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-w32time-policy-config"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIG**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
For more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
**FrequencyCorrectRate**
This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar).
**HoldPeriod**
This parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time samples are evaluated as potential spikes. Default: 5
**LargePhaseOffset**
If a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds.
**MaxAllowedPhaseOffset**
If a response is received that has a time variation that is larger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds.
**MaxNegPhaseCorrection**
If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
**MaxPosPhaseCorrection**
If a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
**PhaseCorrectRate**
This parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more slowly; larger values cause the clock to correct more quickly. Default: 7 (scalar).
**PollAdjustFactor**
This parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval shortens automatically. Default: 5 (scalar).
**SpikeWatchPeriod**
This parameter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds.
**UpdateInterval**
This parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected gradually. When it makes a gradual correction, the service adjusts the clock slightly, waits this amount of time, and then checks to see if another adjustment is needed, until the correction is finished. Default: 100 1/100th second units, or 1 second.
General parameters:
**AnnounceFlags**
This parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal
**EventLogFlags**
This parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask.
**LocalClockDispersion**
This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds.
**MaxPollInterval**
This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.)
**MinPollInterval**
This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds.
**ClockHoldoverPeriod**
This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds.
**RequireSecureTimeSyncRequests**
This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean.
**UtilizeSslTimeData**
This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock. Default: 1 (enabled) Boolean
**ClockAdjustmentAuditLimit**
This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM).
RODC parameters:
**ChainEntryTimeout**
This parameter specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. Default: 16 seconds.
**ChainMaxEntries**
This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries.
**ChainMaxHostEntries**
This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries.
**ChainDisable**
This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean.
**ChainLoggingRate**
This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Global Configuration Settings*
- GP name: *W32TIME_POLICY_CONFIG*
- GP path: *System\Windows Time Service*
- GP ADMX file name: *W32Time.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-w32time-policy-configure-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
**NtpServer**
The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"".
**Type**
This value controls the authentication that W32time uses. The default value is NT5DS.
**CrossSiteSyncFlags**
This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal).
**ResolvePeerBackoffMinutes**
This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.
**ResolvePeerBackoffMaxTimes**
This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts.
**SpecialPollInterval**
This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.
**EventLogFlags**
This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Windows NTP Client*
- GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT*
- GP path: *System\Windows Time Service\Time Providers*
- GP ADMX file name: *W32Time.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-w32time-policy-enable-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the Windows NTP Client is enabled.
Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.
If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Windows NTP Client*
- GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT*
- GP path: *System\Windows Time Service\Time Providers*
- GP ADMX file name: *W32Time.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-w32time-policy-enable-ntpserver"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether the Windows NTP Server is enabled.
If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.
If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Windows NTP Server*
- GP name: *W32TIME_POLICY_ENABLE_NTPSERVER*
- GP path: *System\Windows Time Service\Time Providers*
- GP ADMX file name: *W32Time.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

192
windows/client-management/mdm/policy-csp-admx-wincal.md Normal file
View File

@ -0,0 +1,192 @@
---
title: Policy CSP - ADMX_WinCal
description: Policy CSP - ADMX_WinCal
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/28/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WinCal
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WinCal policies
<dl>
<dd>
<a href="#admx-wincal-turnoffwincal-1">ADMX_WinCal/TurnOffWinCal_1</a>
</dd>
<dd>
<a href="#admx-wincal-turnoffwincal-2">ADMX_WinCal/TurnOffWinCal_2</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-wincal-turnoffwincal-1"></a>**ADMX_WinCal/TurnOffWinCal_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
If you enable this setting, Windows Calendar will be turned off.
If you disable or do not configure this setting, Windows Calendar will be turned on.
The default is for Windows Calendar to be turned on.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Windows Calendar*
- GP name: *TurnOffWinCal_1*
- GP path: *Windows Components\Windows Calendar*
- GP ADMX file name: *WinCal.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<hr/>
<!--Policy-->
<a href="" id="admx-wincal-turnoffwincal-2"></a>**ADMX_WinCal/TurnOffWinCal_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
If you enable this setting, Windows Calendar will be turned off.
If you disable or do not configure this setting, Windows Calendar will be turned on.
The default is for Windows Calendar to be turned on.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Windows Calendar*
- GP name: *TurnOffWinCal_2*
- GP path: *Windows Components\Windows Calendar*
- GP ADMX file name: *WinCal.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

115
windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md Normal file
View File

@ -0,0 +1,115 @@
---
title: Policy CSP - ADMX_WindowsAnytimeUpgrade
description: Policy CSP - ADMX_WindowsAnytimeUpgrade
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/29/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WindowsAnytimeUpgrade
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WindowsAnytimeUpgrade policies
<dl>
<dd>
<a href="#admx-windowsanytimeupgrade-disabled">ADMX_WindowsAnytimeUpgrade/Disabled</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsanytimeupgrade-disabled"></a>**ADMX_WindowsAnytimeUpgrade/Disabled**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. By default, Add features to Windows 10 is available for all administrators.
If you enable this policy setting, the wizard will not run.
If you disable this policy setting or set it to Not Configured, the wizard will run.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent the wizard from running.*
- GP name: *Disabled*
- GP path: *Windows Components\Add features to Windows 10*
- GP ADMX file name: *WindowsAnytimeUpgrade.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

264
windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md Normal file
View File

@ -0,0 +1,264 @@
---
title: Policy CSP - ADMX_WindowsConnectNow
description: Policy CSP - ADMX_WindowsConnectNow
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/28/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WindowsConnectNow
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WindowsConnectNow policies
<dl>
<dd>
<a href="#admx-windowsconnectnow-wcn-disablewcnui-1">ADMX_WindowsConnectNow/WCN_DisableWcnUi_1</a>
</dd>
<dd>
<a href="#admx-windowsconnectnow-wcn-disablewcnui-2">ADMX_WindowsConnectNow/WCN_DisableWcnUi_2</a>
</dd>
<dd>
<a href="#admx-windowsconnectnow-wcn-enableregistrar">ADMX_WindowsConnectNow/WCN_EnableRegistrar</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-1"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prohibit access of the Windows Connect Now wizards*
- GP name: *WCN_DisableWcnUi_1*
- GP path: *Network\Windows Connect Now*
- GP ADMX file name: *WindowsConnectNow.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-2"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prohibit access of the Windows Connect Now wizards*
- GP name: *WCN_DisableWcnUi_2*
- GP path: *Network\Windows Connect Now*
- GP ADMX file name: *WindowsConnectNow.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-windowsconnectnow-wcn-enableregistrar"></a>**ADMX_WindowsConnectNow/WCN_EnableRegistrar**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
Additional options are available to allow discovery and configuration over a specific medium.
If you enable this policy setting, additional choices are available to turn off the operations over a specific medium.
If you disable this policy setting, operations are disabled over all media.
If you do not configure this policy setting, operations are enabled over all media.
The default for this policy setting allows operations over all media.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configuration of wireless settings using Windows Connect Now*
- GP name: *WCN_EnableRegistrar*
- GP path: *Network\Windows Connect Now*
- GP ADMX file name: *WindowsConnectNow.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

116
windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md Normal file
View File

@ -0,0 +1,116 @@
---
title: Policy CSP - ADMX_WindowsMediaDRM
description: Policy CSP - ADMX_WindowsMediaDRM
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 08/13/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WindowsMediaDRM
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WindowsMediaDRM policies
<dl>
<dd>
<a href="#admx-windowsmediadrm-disableonline">ADMX_WindowsMediaDRM/DisableOnline</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsmediadrm-disableonline"></a>**ADMX_WindowsMediaDRM/DisableOnline**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.
When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent Windows Media DRM Internet Access*
- GP name: *DisableOnline*
- GP path: *Windows Components\Windows Media Digital Rights Management*
- GP ADMX file name: *WindowsMediaDRM.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

1614
windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md Normal file
View File

File diff suppressed because it is too large Load Diff

258
windows/client-management/mdm/policy-csp-admx-wininit.md Normal file
View File

@ -0,0 +1,258 @@
---
title: Policy CSP - ADMX_WinInit
description: Policy CSP - ADMX_WinInit
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 09/29/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WinInit
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WinInit policies
<dl>
<dd>
<a href="#admx-wininit-disablenamedpipeshutdownpolicydescription">ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription</a>
</dd>
<dd>
<a href="#admx-wininit-hiberboot">ADMX_WinInit/Hiberboot</a>
</dd>
<dd>
<a href="#admx-wininit-shutdowntimeouthungsessionsdescription">ADMX_WinInit/ShutdownTimeoutHungSessionsDescription</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-wininit-disablenamedpipeshutdownpolicydescription"></a>**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
If you enable this policy setting, the system does not create the named pipe remote shutdown interface.
If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off legacy remote shutdown interface*
- GP name: *DisableNamedPipeShutdownPolicyDescription*
- GP path: *Windows Components\Shutdown Options*
- GP ADMX file name: *WinInit.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-wininit-hiberboot"></a>**ADMX_WinInit/Hiberboot**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the use of fast startup.
If you enable this policy setting, the system requires hibernate to be enabled.
If you disable or do not configure this policy setting, the local setting is used.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Require use of fast startup*
- GP name: *Hiberboot*
- GP path: *System\Shutdown*
- GP ADMX file name: *WinInit.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-wininit-shutdowntimeouthungsessionsdescription"></a>**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.
If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Timeout for hung logon sessions during shutdown*
- GP name: *ShutdownTimeoutHungSessionsDescription*
- GP path: *Windows Components\Shutdown Options*
- GP ADMX file name: *WinInit.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

2
windows/client-management/mdm/policy-csp-controlpolicyconflict.md
View File

@ -100,7 +100,7 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
- \<MSFT:GPRegistryMappedName\>
- \<MSFT:GPDBMappedName\>
For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy
For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy
](policy-csps-supported-by-group-policy.md).
The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.

232
windows/client-management/mdm/policy-csp-localusersandgroups.md Normal file
View File

@ -0,0 +1,232 @@
---
title: Policy CSP - LocalUsersAndGroups
description: Policy CSP - LocalUsersAndGroups
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 10/14/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - LocalUsersAndGroups
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## LocalUsersAndGroups policies
<dl>
<dd>
<a href="#localusersandgroups-configure">LocalUsersAndGroups/Configure</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="localusersandgroups-configure"></a>**LocalUsersAndGroups/Configure**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10, version 20H2. This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
> [!NOTE]
> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
>
> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results.
Here's an example of the policy definition XML for group configuration:
```xml
<GroupConfiguration>
<accessgroup desc = "">
<group action = ""/>
<add member = ""/>
<remove member = ""/>
</accessgroup>
</GroupConfiguration>
```
where:
- `<accessgroup desc>`: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to lookup the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing.
- `<group action>`: Specifies the action to take on the local group, which can be Update and Restrict, represented by U and R:
- Update. This action must be used to keep the current group membership intact and add or remove members of the specific group.
- Restrict. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting.
- `<add member>`: Specifies the SID or name of the member to configure.
- `<remove member>`: Specifies the SID or name of the member to remove from the specified group.
> [!NOTE]
> When specifying member names of domain accounts, use fully qualified account names where possible (for example, domain_name\user_name) instead of isolated names (for example, group_name). This way, you can avoid getting ambiguous results when users or groups with the same name exist in multiple domains and locally. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information.
See [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles.
> [!IMPORTANT]
> - `<add member>` and `<remove member>` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute.
> - When specifying a SID in the `<add member>` or `<remove member>`, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct.
> - `<remove member>` is not valid for the R (Restrict) action and will be ignored if present.
> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present.
<!--/Description-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
**Examples**
Example 1: Update action for adding and removing group members.
The following example shows how you can update a local group (**Backup Operators**)—add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**).
```xml
<GroupConfiguration>
<accessgroup desc = "Backup Operators">
<group action = "U" />
<add member = "Contoso\ITAdmins"/>
<add member = "S-1-5-32-544"/>
<add member = "S-1-12-1-111111111-22222222222-3333333333-4444444444"/>
<remove member = "Guest"/>
</accessgroup>
</GroupConfiguration>
```
Example 2: Restrict action for replacing the group membership.
The following example shows how you can restrict a local group (**Backup Operators**)—replace its membership with the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids) and add a local account (**Guest**).
```xml
<GroupConfiguration>
<accessgroup desc = "Backup Operators">
<group action = "R" />
<add member = "S-1-5-32-544"/>
<add member = "Guest"/>
</accessgroup>
</GroupConfiguration>
```
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
## FAQs
This section provides answers to some common questions you might have about the LocalUsersAndGroups policy CSP.
### What happens if I accidentally remove the built-in Administrator SID from the Administrators group?
Removing the built-in Administrator account from the built-in Administrators group is blocked at SAM/OS level for security reasons. Attempting to do so will result in failure with the following error:
| Error Code | Symbolic Name | Error Description | Header |
|----------|----------|----------|----------|
| 0x55b (Hex) <br> 1371 (Dec) |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.| winerror.h |
When configuring the built-in Administrators group with the R (Restrict) action, specify the built-in Administrator account SID/Name in `<add member>` to avoid this error.
### Can I add a member that already exists?
Yes, you can add a member that is already a member of a group. This will result in no changes to the group and no error.
### Can I remove a member if it isn't a member of the group?
Yes, you can remove a member even if it isn't a member of the group. This will result in no changes to the group and no error.
### How can I add a domain group as a member to a local group?
To add a domain group as a member to a local group, specify the domain group in `<add member>` of the local group. Use fully qualified account names (for example, domain_name\group_name) instead of isolated names (for example, group_name) for the best results. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information.
### Can I apply more than one LocalUserAndGroups policy/XML to the same device?
No, this is not allowed. Attempting to do so will result in a conflict in Intune.
### What happens if I specify a group name that doesn't exist?
Invalid group names or SIDs will be skipped. Valid parts of the policy will apply, and error will be returned at the end of the processing. This behavior aligns with the on-prem AD GPP (Group Policy Preferences) LocalUsersAndGroups policy. Similarly, invalid member names will be skipped, and error will be returned at the end to notify that not all settings were applied successfully.
### What happens if I specify R and U in the same XML?
If you specify both R and U in the same XML, the R (Restrict) action takes precedence over U (Update). Therefore, if a group appears twice in the XML, once with U and again with R, the R action wins.
### How do I check the result of a policy that is applied on the client device?
After a policy is applied on the client device, you can investigate the event log to review the result:
1. Open Event Viewer (**eventvwr.exe**).
2. Navigate to **Applications and Services Logs** > **Microsoft** > **Windows** > **DeviceManagement-Enterprise-
Diagnostics-Provider** > **Admin**.
3. Search for the `LocalUsersAndGroups` string to review the relevant details.
### How can I troubleshoot Name/SID lookup APIs?
To troubleshoot Name/SID lookup APIs:
1. Enable **lsp.log** on the client device by running the following commands:
```cmd
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x800 -Type dword -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgTraceOptions -Value 0x1 -Type dword -Force
```
The **lsp.log** file (**C:\windows\debug\lsp.log**) will be displayed. This log file tracks the SID-Name resolution.
2. Turn the logging off by running the following command:
```cmd
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x0 -Type dword -Force
```
Footnotes:
- 9 - Available in Windows 10, version 20H2.
<!--/Policies-->

314
windows/client-management/mdm/policy-csp-mixedreality.md Normal file
View File

@ -0,0 +1,314 @@
---
title: Policy CSP - MixedReality
description: Policy CSP - MixedReality
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/06/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - MixedReality
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## MixedReality policies
<dl>
<dd>
<a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
</dd>
<dd>
<a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
</dd>
<dd>
<a href="#mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
</dd>
<dd>
<a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
</dd>
<dd>
<a href="#mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="mixedreality-aadgroupmembershipcachevalidityindays"></a>**MixedReality/AADGroupMembershipCacheValidityInDays**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days).
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-brightnessbuttondisabled"></a>**MixedReality/BrightnessButtonDisabled**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - False (Default)
- 1 - True
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-fallbackdiagnostics"></a>**MixedReality/FallbackDiagnostics**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens.
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - Disabled
- 1 - Enabled for device owners
- 2 - Enabled for all (Default)
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-microphonedisabled"></a>**MixedReality/MicrophoneDisabled**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls whether microphone on HoloLens 2 is disabled or not.
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - False (Default)
- 1 - True
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="mixedreality-volumebuttondisabled"></a>**MixedReality/VolumeButtonDisabled**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>HoloLens (1st gen) Development Edition</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens (1st gen) Commercial Suite</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>HoloLens 2</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
<!--/Description-->
<!--ADMXBacked-->
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 - False (Default)
- 1 - True
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
Footnotes:
- 9 - Available in Windows 10, version 20H2.
<!--/Policies-->

3
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -14,6 +14,9 @@ manager: dansimp
# Policy CSP - RestrictedGroups
> [!IMPORTANT]
> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results.
<hr/>

25
windows/client-management/mdm/policy-csp-system.md
View File

@ -1,13 +1,13 @@
---
title: Policy CSP - System
description: Learn policy settings that determines whether users can access the Insider build controls in the advanced options for Windows Update.
description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update.
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 08/12/2020
ms.date: 10/14/2020
ms.reviewer:
manager: dansimp
---
@ -212,14 +212,13 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
This policy setting controls whether Microsoft is a processor or controller for Windows diagnostic data collected from devices.
This policy setting opts the device into the Windows enterprise data pipeline.
If you enable this policy and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline.
If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline.
>[!Note]
> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10.
<!--/Description-->
<!--ADMXMapped-->
@ -234,8 +233,8 @@ ADMX Info:
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Do not use the Windows Commercial Data Pipeline
- 1 - Use the Windows Commercial Data Pipeline
- 0 (default) - Disabled.
- 1 - Enabled.
<!--/SupportedValues-->
<!--Example-->
@ -245,7 +244,9 @@ The following list shows the supported values:
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-allowdevicenameindiagnosticdata"></a>**System/AllowDeviceNameInDiagnosticData**
@ -488,7 +489,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
@ -509,7 +510,7 @@ ADMX Info:
<!--SupportedValues-->
The following list shows the supported values:
- 0 - false - No traffic to fs.microsoft.com and only locally-installed fonts are available.
- 0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available.
- 1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
<!--/SupportedValues-->
@ -1605,7 +1606,7 @@ The following list shows the supported values:
This policy setting, in combination with the System/AllowTelemetry
policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services.
To enable this behavior you must complete two steps:
To enable this behavior, you must complete two steps:
<ul>
<li>Enable this policy setting</li>
<li>Set Allow Telemetry to level 2 (Enhanced)</li>

89
windows/client-management/mdm/policy-csp-update.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 02/10/2020
ms.date: 10/21/2020
ms.reviewer:
manager: dansimp
---
@ -96,6 +96,9 @@ manager: dansimp
<dd>
<a href="#update-disabledualscan">Update/DisableDualScan</a>
</dd>
<dd>
<a href="#update-disablewufbsafeguards">Update/DisableWUfBSafeguards</a>
</dd>
<dd>
<a href="#update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
</dd>
@ -1110,8 +1113,8 @@ ADMX Info:
<!--/ADMXMapped-->
<!--SupportedValues-->
Supported values:
- true - Enable
- false - Disable (Default)
- 0 - Disable (Default)
- 1 - Enable
<!--/SupportedValues-->
<!--Example-->
@ -2013,6 +2016,85 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="update-disablewufbsafeguards"></a>**Update/DisableWUfBSafeguards**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows Update for Business (WUfB) devices running Windows 10, version 1809 and above and installed with October 2020 security update. This policy setting specifies that a WUfB device should skip safeguards.
Safeguard holds prevent a device with a known compatibility issue from being offered a new OS version. The offering will proceed once a fix is issued and is verified on a held device. The aim of safeguards is to protect the device and user from a failed or poor upgrade experience.
The safeguard holds protection is provided by default to all the devices trying to update to a new Windows 10 Feature Update version via Windows Update.
IT admins can, if necessary, opt devices out of safeguard protections using this policy setting or via the “Disable safeguards for Feature Updates” Group Policy.
> [!NOTE]
> Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied.
>
> The disable safeguards policy will revert to “Not Configured” on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsofts default protection from known issues for each new feature update.
>
> Disabling safeguards does not guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade as you are bypassing the protection given by Microsoft pertaining to known issues.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Disable safeguards for Feature Updates*
- GP name: *DisableWUfBSafeguards*
- GP path: *Windows Components/Windows Update/Windows Update for Business*
- GP ADMX file name: *WindowsUpdate.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared.
- 1 - Safeguards are not enabled and upgrades will be deployed without blocking on safeguards.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="update-engagedrestartdeadline"></a>**Update/EngagedRestartDeadline**
@ -4525,4 +4607,3 @@ Footnotes:
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

561
windows/client-management/mdm/policy-csp-windowssandbox.md Normal file
View File

@ -0,0 +1,561 @@
---
title: Policy CSP - WindowsSandbox
description: Policy CSP - WindowsSandbox
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 10/14/2020
---
# Policy CSP - WindowsSandbox
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## WindowsSandbox policies
<dl>
<dd>
<a href="#windowssandbox-allowaudioinput">WindowsSandbox/AllowAudioInput</a>
</dd>
<dd>
<a href="#windowssandbox-allowclipboardredirection">WindowsSandbox/AllowClipboardRedirection</a>
</dd>
<dd>
<a href="#windowssandbox-allownetworking">WindowsSandbox/AllowNetworking</a>
</dd>
<dd>
<a href="#windowssandbox-allowprinterredirection">WindowsSandbox/AllowPrinterRedirection</a>
</dd>
<dd>
<a href="#windowssandbox-allowvgpu">WindowsSandbox/AllowVGPU</a>
</dd>
<dd>
<a href="#windowssandbox-allowvideoinput">WindowsSandbox/AllowVideoInput</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="windowssandbox-allowaudioinput"></a>**WindowsSandbox/AllowAudioInput**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows the IT admin to enable or disable audio input to the Sandbox.
> [!NOTE]
> There may be security implications of exposing host audio input to the container.
If this policy is not configured, end-users get the default behavior (audio input enabled).
If audio input is disabled, a user will not be able to enable audio input from their own configuration file.
If audio input is enabled, a user will be able to disable audio input from their own configuration file to make the device more secure.
> [!NOTE]
> You must restart Windows Sandbox for any changes to this policy setting to take effect.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English Name: *Allow audio input in Windows Sandbox*
- GP name: *AllowAudioInput*
- GP path: *Windows Components/Windows Sandbox*
- GP ADMX file name: *WindowsSandbox.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following are the supported values:
- 0 - Disabled
- 1 (default) - Enabled
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowssandbox-allowclipboardredirection"></a>**WindowsSandbox/AllowClipboardRedirection**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows the IT admin to enable or disable sharing of the host clipboard with the sandbox.
If this policy is not configured, end-users get the default behavior (clipboard redirection enabled.
If clipboard sharing is disabled, a user will not be able to enable clipboard sharing from their own configuration file.
If clipboard sharing is enabled, a user will be able to disable clipboard sharing from their own configuration file to make the device more secure.
> [!NOTE]
> You must restart Windows Sandbox for any changes to this policy setting to take effect.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English Name: *Allow clipboard sharing with Windows Sandbox*
- GP name: *AllowClipboardRedirection*
- GP path: *Windows Components/Windows Sandbox*
- GP ADMX file name: *WindowsSandbox.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following are the supported values:
- 0 - Disabled
- 1 (default) - Enabled
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowssandbox-allownetworking"></a>**WindowsSandbox/AllowNetworking**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows the IT admin to enable or disable networking in Windows Sandbox. Disabling network access can decrease the attack surface exposed by the Sandbox. Enabling networking can expose untrusted applications to the internal network.
If this policy is not configured, end-users get the default behavior (networking enabled).
If networking is disabled, a user will not be able to enable networking from their own configuration file.
If networking is enabled, a user will be able to disable networking from their own configuration file to make the device more secure.
> [!NOTE]
> You must restart Windows Sandbox for any changes to this policy setting to take effect.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English Name: *Allow networking in Windows Sandbox*
- GP name: *AllowNetworking*
- GP path: *Windows Components/Windows Sandbox*
- GP ADMX file name: *WindowsSandbox.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following are the supported values:
- 0 - Disabled
- 1 (default) - Enabled
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowssandbox-allowprinterredirection"></a>**WindowsSandbox/AllowPrinterRedirection**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows the IT admin to enable or disable printer sharing from the host into the Sandbox.
If this policy is not configured, end-users get the default behavior (printer sharing disabled).
If printer sharing is disabled, a user will not be able to enable printer sharing from their own configuration file.
If printer sharing is enabled, a user will be able to disable printer sharing from their own configuration file to make the device more secure.
> [!NOTE]
> You must restart Windows Sandbox for any changes to this policy setting to take effect.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English Name: *Allow printer sharing with Windows Sandbox*
- GP name: *AllowPrinterRedirection*
- GP path: *Windows Components/Windows Sandbox*
- GP ADMX file name: *WindowsSandbox.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following are the supported values:
- 0 - Disabled
- 1 (default) - Enabled
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowssandbox-allowvgpu"></a>**WindowsSandbox/AllowVGPU**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows the IT admin to enable or disable virtualized GPU for Windows Sandbox.
> [!NOTE]
> Enabling virtualized GPU can potentially increase the attack surface of Windows Sandbox.
If this policy is not configured, end-users get the default behavior (vGPU is disabled).
If vGPU is disabled, a user will not be able to enable vGPU support from their own configuration file.
If vGPU is enabled, a user will be able to disable vGPU support from their own configuration file to make the device more secure.
> [!NOTE]
> You must restart Windows Sandbox for any changes to this policy setting to take effect.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English Name: *Allow vGPU sharing for Windows Sandbox*
- GP name: *AllowVGPU*
- GP path: *Windows Components/Windows Sandbox*
- GP ADMX file name: *WindowsSandbox.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following are the supported values:
- 0 (default) - Disabled
- 1 - Enabled
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="windowssandbox-allowvideoinput"></a>**WindowsSandbox/AllowVideoInput**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows the IT admin to enable or disable video input to the Sandbox.
> [!NOTE]
> There may be security implications of exposing host video input to the container.
If this policy is not configured, users get the default behavior (video input disabled).
If video input is disabled, users will not be able to enable video input from their own configuration file.
If video input is enabled, users will be able to disable video input from their own configuration file to make the device more secure.
> [!NOTE]
> You must restart Windows Sandbox for any changes to this policy setting to take effect.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English Name: *Allow video input in Windows Sandbox*
- GP name: *AllowVideoInput*
- GP path: *Windows Components/Windows Sandbox*
- GP ADMX file name: *WindowsSandbox.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following are the supported values:
- 0 (default) - Disabled
- 1 - Enabled
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 9 - Available in Windows 10, version 20H2.
<!--/Policies-->

4
windows/client-management/mdm/surfacehub-csp.md
View File

@ -161,7 +161,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<thead>
<tr class="header">
<th>ErrorContext value</th>
<th>Stage where error occured</th>
<th>Stage where error occurred</th>
<th>Description and suggestions</th>
</tr>
</thead>
@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
<a href="" id="inboxapps-welcome-currentbackgroundpath"></a>**InBoxApps/Welcome/CurrentBackgroundPath**
<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons).
<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
<p style="margin-left: 20px">The data type is string. Supported operation is Get and Replace.

4
windows/client-management/troubleshoot-stop-errors.md
View File

@ -43,7 +43,9 @@ To troubleshoot Stop error messages, follow these general steps:
2. As a best practice, we recommend that you do the following:
a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
- [Windows 10, version 2004](https://support.microsoft.com/help/4555932)
- [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
- [Windows 10, version 1903](https://support.microsoft.com/help/4498140)
- [Windows 10, version 1809](https://support.microsoft.com/help/4464619)
- [Windows 10, version 1803](https://support.microsoft.com/help/4099479)
- [Windows 10, version 1709](https://support.microsoft.com/help/4043454)

2
windows/client-management/troubleshoot-tcpip-netmon.md
View File

@ -16,7 +16,7 @@ manager: dansimp
In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic.
> [Note]
> [!NOTE]
> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](https://docs.microsoft.com/message-analyzer/microsoft-message-analyzer-operating-guide).
To get started, [download and run NM34_x64.exe](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image.

4
windows/deployment/TOC.yml
View File

@ -144,6 +144,8 @@
href: update/media-dynamic-update.md
- name: Migrating and acquiring optional Windows content
href: update/optional-content.md
- name: Safeguard holds
href: update/safeguard-holds.md
- name: Manage the Windows 10 update experience
items:
- name: Manage device restarts after updates
@ -237,6 +239,8 @@
items:
- name: How to troubleshoot Windows Update
href: update/windows-update-troubleshooting.md
- name: Opt out of safeguard holds
href: update/safeguard-opt-out.md
- name: Determine the source of Windows Updates
href: update/windows-update-sources.md
- name: Common Windows Update errors

BIN
windows/deployment/images/sigverif.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

4
windows/deployment/planning/windows-10-deprecated-features.md
View File

@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b
|Feature | Details and mitigation | Announced in version |
| ----------- | --------------------- | ---- |
| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
| Companion Device Framework | The [Companion Device Framework](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
| Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |
@ -37,12 +38,13 @@ The features described below are no longer being actively developed, and might b
| Wi-Fi WEP and TKIP | Since the 1903 release, a warning message has appeared when connecting to Wi-Fi networks secured with WEP or TKIP (which are not as secure as those using WPA2 or WPA3). In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | 1903 |
| Windows To Go | Windows To Go is no longer being developed. <br><br>The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| 1903 |
| Print 3D app | Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| 1903 |
|Companion device dynamic lock APIS|The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced [Dynamic Lock](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#dynamic-lock), including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this, and because third party partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs.| 1809 |
|Companion device dynamic lock APIS|The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced [Dynamic Lock](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#dynamic-lock), including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this, and because non-Microsoft partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs.| 1809 |
|OneSync service|The OneSync service synchronizes data for the Mail, Calendar, and People apps. We've added a sync engine to the Outlook app that provides the same synchronization.| 1809 |
|Snipping Tool|The Snipping Tool is an application included in Windows 10 that is used to capture screenshots, either the full screen or a smaller, custom "snip" of the screen. In Windows 10, version 1809, we're [introducing a new universal app, Snip & Sketch](https://blogs.windows.com/windowsexperience/2018/05/03/announcing-windows-10-insider-preview-build-17661/#8xbvP8vMO0lF20AM.97), that provides the same screen snipping abilities, as well as additional features. You can launch Snip & Sketch directly and start a snip from there, or just press WIN + Shift + S. Snip & Sketch can also be launched from the “Screen snip” button in the Action Center. We're no longer developing the Snipping Tool as a separate app but are instead consolidating its functionality into Snip & Sketch.| 1809 |
|[Software Restriction Policies](https://docs.microsoft.com/windows-server/identity/software-restriction-policies/software-restriction-policies) in Group Policy|Instead of using the Software Restriction Policies through Group Policy, you can use [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/applocker/applocker-overview) or [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control) to control which apps users can access and what code can run in the kernel.| 1803 |
|[Offline symbol packages](https://docs.microsoft.com/windows-hardware/drivers/debugger/debugger-download-symbols) (Debug symbol MSIs)|We're no longer making the symbol packages available as a downloadable MSI. Instead, the [Microsoft Symbol Server is moving to be an Azure-based symbol store](https://blogs.msdn.microsoft.com/windbg/2017/10/18/update-on-microsofts-symbol-server/). If you need the Windows symbols, connect to the Microsoft Symbol Server to cache your symbols locally or use a manifest file with SymChk.exe on a computer with internet access.| 1803 |
|Windows Help Viewer (WinHlp32.exe)|All Windows help information is [available online](https://support.microsoft.com/products/windows?os=windows-10). The Windows Help Viewer is no longer supported in Windows 10. If for any reason you see an error message about "help not supported," possibly when using a non-Microsoft application, read [this support article](https://support.microsoft.com/help/917607/error-opening-help-in-windows-based-programs-feature-not-included-or-h) for additional information and any next steps.| 1803 |
|MBAE service metadata|The MBAE app experience is replaced by an MO UWP app. For more information, see [Developer guide for creating service metadata](https://docs.microsoft.com/windows-hardware/drivers/mobilebroadband/developer-guide-for-creating-service-metadata) | 1803 |
|Contacts feature in File Explorer|We're no longer developing the Contacts feature or the corresponding [Windows Contacts API](https://msdn.microsoft.com/library/ff800913.aspx). Instead, you can use the People app in Windows 10 to maintain your contacts.| 1803 |
|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.| 1803 |
|IPv4/6 Transition Technologies (6to4, ISATAP, Teredo, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), Teredo has been disabled since Windows 10, version 1803, and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.| 1803 |

1
windows/deployment/planning/windows-10-removed-features.md
View File

@ -27,6 +27,7 @@ The following features and functionalities have been removed from the installed
|Feature | Details and mitigation | Removed in version |
| ----------- | --------------------- | ------ |
|MBAE service metadata|The MBAE app experience is replaced by an MO UWP app. Metadata for the MBAE service is removed. | 20H2 |
| Connect app | The **Connect** app for wireless projection using Miracast is no longer installed by default, but is available as an optional feature. To install the app, click on **Settings** > **Apps** > **Optional features** > **Add a feature** and then install the **Wireless Display** app. | 2004 |
| Rinna and Japanese Address suggestion | The Rinna and Japanese Address suggestion service for Microsoft Japanese Input Method Editor (IME) ended on August 13th, 2020. For more information, see [Rinna and Japanese Address suggestion will no longer be offered](https://support.microsoft.com/help/4576767/windows-10-rinna-and-japanese-address-suggestion) | 2004 |
| Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 |

34
windows/deployment/update/create-deployment-plan.md
View File

@ -6,20 +6,20 @@ ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
ms.collection: m365initiative-coredeploy
manager: laurawi
ms.topic: article
---
# Create a deployment plan
A service management mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once this process is used for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices, and weve found that ring-based deployment is a methodology that works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades--they are simply a method by which to separate devices into a deployment timeline.
When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. Weve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method to separate devices into a deployment timeline.
At the highest level, each “ring” comprise a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
At the highest level, each “ring” comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
A common ring structure comprises three deployment groups:
A common ring structure uses three deployment groups:
- Preview: Planning and development
- Limited: Pilot and validation
@ -34,22 +34,20 @@ A common ring structure comprises three deployment groups:
## How many rings should I have?
There are no definite rules for exactly how many rings to have for your deployments. As mentioned previously, you might want to ensure zero downtime for mission-critical devices by putting them in their own ring. If you have a large
organization, you might want to consider assigning devices to rings based on geographic location or the size of rings so that helpdesk resources are more available. Consider the needs of your business and introduce rings that make sense for your organization.
There are no definite rules for exactly how many rings to have for your deployments. As mentioned previously, you might want to ensure zero downtime for mission-critical devices by putting them in their own ring. If you have a large organization, you might want to consider assigning devices to rings based on geographic location or the size of rings so that helpdesk resources are more available. Consider the needs of your business and introduce rings that make sense for your organization.
## Advancing between rings
There are basically two strategies for moving deployments from one ring to the next. One is service based, the other project based.
There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project based.
- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the “red button” to stop further distribution.
- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the “green button” to push the content to the next ring.
When it comes to deployments, having manual steps in the process usually impedes update velocity, so a "red button" strategy is better when that is your goal.
When it comes to deployments, having manual steps in the process usually impedes update velocity. A "red button" strategy is better when that is your goal.
## Preview ring
The purpose of the Preview ring is to evaluate the new features of the update. This is specifically *not* for broad parts of the organization but is limited to the people who are responsible for knowing what is coming next,
generally IT administrators. Ultimately, this is the time the design and planning work happens so that when the public update is actually shipped, you can have greater confidence in the update.
The purpose of the Preview ring is to evaluate the new features of the update. It's *not* for broad parts of the organization but is limited to the people who are responsible for knowing what is coming next, generally IT administrators. Ultimately, this phase is the time the design and planning work happens so that when the public update is shipped, you can have greater confidence in the update.
> [!NOTE]
> Being part of the [Windows Insider Program](https://insider.windows.com/for-business/) gives you early access to Windows releases so that you can use Insider Preview builds in your Preview ring to validate your apps and infrastructure, preparing you for public Windows releases.
@ -57,14 +55,14 @@ generally IT administrators. Ultimately, this is the time the design and plannin
### Who goes in the Preview ring?
The Preview ring users are the most tech savvy and resilient people, who will not lose productivity if something goes wrong. In general, these are IT pros, and perhaps a few people in the business organization.
The Preview ring users are the most tech savvy and resilient people, who will not lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
During your plan and prepare phases, these are the activities you should focus on:
During your plan and prepare phases, you should focus on the following activities:
- Work with Windows Insider Preview builds.
- Identify the features and functionality your organization can or wants to use.
- Establish who will use the features and how they will benefit.
- Understand why you are putting the update out.
- Understand why you are putting out the update.
- Plan for usage feedback.
Remember, you are working with pre-release software in the Preview ring and you will be evaluating features and testing the update for a targeted release.
@ -76,7 +74,7 @@ Remember, you are working with pre-release software in the Preview ring and you
## Limited ring
The purpose of the Limited ring is to validate the update on representative devices across the network. During this period, data, and feedback is generated to enable the decision to move forward to broader deployment. Desktop
The purpose of the Limited ring is to validate the update on representative devices across the network. During this period, data, and feedback are generated to enable the decision to move forward to broader deployment. Desktop
Analytics can help with defining a good Limited ring of representative devices and assist in monitoring the deployment.
### Who goes in the Limited ring?
@ -84,7 +82,7 @@ Analytics can help with defining a good Limited ring of representative devices a
The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented, and it's important that the people selected for this ring are using their devices regularly in order to generate the data you will need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually dont have the applications or device drivers that are truly a representative sample of your network.
During your pilot and validate phases, these are the activities you should focus on:
During your pilot and validate phases, you should focus on the following activities:
- Deploy new innovations.
- Assess and act if issues are encountered.
@ -104,7 +102,7 @@ In most businesses, the Broad ring includes the rest of your organization. Becau
> In some instances, you might hold back on mission critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows 10 feature
> updates to mission critical devices.
During the broad deployment phase, these are the activities you should focus on:
During the broad deployment phase, you should focus on the following activities:
- Deploy to all devices in the organization.
- Work through any final unusual issues that were not detected in your Limited ring.
@ -112,7 +110,7 @@ During the broad deployment phase, these are the activities you should focus on:
## Ring deployment planning
Previously, we have provided methods for analyzing your deployments, but these have generally been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We have combined many of these tasks, and more, into a single interface with Desktop Analytics.
Previously, we have provided methods for analyzing your deployments, but these have been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We have combined many of these tasks, and more, into a single interface with Desktop Analytics.
[Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Microsoft Endpoint Manager](https://docs.microsoft.com/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to

2
windows/deployment/update/delivery-optimization-proxy.md
View File

@ -54,7 +54,7 @@ With NetworkService (if unable to obtain a user token from a signed-in user):
|---------|---------|
|Internet Explorer proxy, current user | No |
|Internet Explorer proxy, device-wide | Yes |
|netsh proxy | No |
|netsh proxy | Yes |
|Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, netsh proxy is used |
|Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, netsh proxy is used |

17
windows/deployment/update/eval-infra-tools.md
View File

@ -1,8 +1,7 @@
---
title: Evaluate infrastructure and tools
ms.reviewer:
manager: laurawi
description:
description: Steps to make sure your infrastructure is ready to deploy updates
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
ms.prod: w10
ms.mktglfcycl: manage
@ -11,18 +10,18 @@ author: jaimeo
ms.localizationpriority: medium
ms.audience: itpro
ms.topic: article
ms.collection: M365-modern-desktop
ms.collection: m365initiative-coredeploy
---
# Evaluate infrastructure and tools
Before you deploy an update, it's best to assess your deployment infrastucture (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness.
Before you deploy an update, it's best to assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness.
## Infrastructure
Do your deployment tools need updates?
- If you use Configuration Manager, is it on the Current Branch with the latest release installed. This ensures that it supports the next Windows 10 feature update. Configuration Manager releases are supported for 18 months.
- If you use Configuration Manager, is it on the Current Branch with the latest release installed. Being on this branch ensures that it supports the next Windows 10 feature update. Configuration Manager releases are supported for 18 months.
- Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated.
- If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows 10 feature update.
@ -30,11 +29,11 @@ Rely on your experiences and data from previous deployments to help you judge ho
## Device settings
Make sure your security basline, administrative templates, and policies have the right settings to support your devices once the new Windows 10 update is installed.
Make sure your security baseline, administrative templates, and policies have the right settings to support your devices once the new Windows 10 update is installed.
### Security baseline
Keep security baslines current to help ensure that your environment is secure and that new security feature in the coming Windows 10 update are set properly.
Keep security baselines current to help ensure that your environment is secure and that new security feature in the coming Windows 10 update are set properly.
- **Microsoft security baselines**: You should implement security baselines from Microsoft. They are included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them.
- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows 10 you are about to deploy.
@ -49,14 +48,14 @@ There are a number of Windows policies (set by Group Policy, Intune, or other me
## Define operational readiness criteria
When youve deployed an update, youll need to make sure the update isnt introducing new operational issues. And youll also ensure that if incidents arise, the needed documentation and processes are available. To achieve this, work with your operations and support team to define acceptable trends and what documents or processes require updating:
When youve deployed an update, youll need to make sure the update isnt introducing new operational issues. And youll also ensure that if incidents arise, the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating:
- **Call trend**: Define what percentage increase in calls relating to Windows 10 feature updates are acceptable or can be supported.
- **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows 10 feature updates are acceptable or can be supported.
- **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows 10 feature update.
- **Process changes:** Define and update any processes that will change as a result of the Windows 10 feature update.
Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get get this information so you can gain the right insight.
Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight.
## Tasks

BIN
windows/deployment/update/images/safeguard-hold-notification.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

130
windows/deployment/update/media-dynamic-update.md
View File

@ -18,7 +18,7 @@ ms.topic: article
**Applies to**: Windows 10
This topic explains how to acquire and apply Dynamic Update packages to existing Windows 10 images <em>prior to deployment</em> and includes Windows PowerShell scripts you can use to automate this process.
This topic explains how to acquire and apply Dynamic Update packages to existing Windows 10 images *prior to deployment* and includes Windows PowerShell scripts you can use to automate this process.
Volume-licensed media is available for each release of Windows 10 in the Volume Licensing Service Center (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. You can use Dynamic Update to ensure that Windows 10 devices have the latest feature update packages as part of an in-place upgrade while preserving language pack and Features on Demand (FODs) that might have been previously installed. Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process.
@ -42,8 +42,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https
![Table with columns labeled Title, Products, Classification, Last Updated, Version, and Size and four rows listing various dynamic updates and associated KB articles](images/update-catalog.png)
The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in <em>bold</em> the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in **bold** the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
|To find this Dynamic Update packages, search for or check the results here--> |Title |Product |Description (select the **Title** link to see **Details**) |
|---------|---------|---------|---------|
@ -94,8 +93,7 @@ Optional Components, along with the .NET feature, can be installed offline, howe
## Windows PowerShell scripts to apply Dynamic Updates to an existing image
These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages is stored locally in this folder structure:
These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages are stored locally in this folder structure:
|Folder |Description |
|---------|---------|
@ -108,18 +106,20 @@ These examples are for illustration only, and therefore lack error handling. The
The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there is a script error and it's necessary to start over from a known state. Also, it will provide a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they are not read-only.
```powershell
function Get-TS { return "{0:HH:mm:ss}" -f (Get-Date) }
#Requires -RunAsAdministrator
Write-Host "$(Get-TS): Starting media refresh"
function Get-TS { return "{0:HH:mm:ss}" -f [DateTime]::Now }
# Declare media for FOD and LPs
$FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso"
$LP_ISO_PATH = "C:\mediaRefresh\packages\CLIENTLANGPACKDVD_OEM_MULTI.iso"
Write-Output "$(Get-TS): Starting media refresh"
# Declare language for showcasing adding optional localized components
$LANG = "ja-jp"
$LANG_FONT_CAPABILITY = "jpan"
# Declare media for FOD and LPs
$FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso"
$LP_ISO_PATH = "C:\mediaRefresh\packages\CLIENTLANGPACKDVD_OEM_MULTI.iso"
# Declare Dynamic Update packages
$LCU_PATH = "C:\mediaRefresh\packages\LCU.msu"
$SSU_PATH = "C:\mediaRefresh\packages\SSU_DU.msu"
@ -128,29 +128,29 @@ $SAFE_OS_DU_PATH = "C:\mediaRefresh\packages\SafeOS_DU.cab"
$DOTNET_CU_PATH = "C:\mediaRefresh\packages\DotNet_CU.msu"
# Declare folders for mounted images and temp files
$WORKING_PATH = "C:\mediaRefresh\temp"
$MEDIA_OLD_PATH = "C:\mediaRefresh\oldMedia"
$MEDIA_NEW_PATH = "C:\mediaRefresh\newMedia"
$MAIN_OS_MOUNT = $WORKING_PATH + "\MainOSMount"
$WINRE_MOUNT = $WORKING_PATH + "\WinREMount"
$WINPE_MOUNT = $WORKING_PATH + "\WinPEMount"
$WORKING_PATH = "C:\mediaRefresh\temp"
$MAIN_OS_MOUNT = "C:\mediaRefresh\temp\MainOSMount"
$WINRE_MOUNT = "C:\mediaRefresh\temp\WinREMount"
$WINPE_MOUNT = "C:\mediaRefresh\temp\WinPEMount"
# Mount the language pack ISO
Write-Host "$(Get-TS): Mounting LP ISO"
Write-Output "$(Get-TS): Mounting LP ISO"
$LP_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter
# Declare language related cabs
$WINPE_OC_PATH = Join-Path $LP_ISO_DRIVE_LETTER":" -ChildPath "Windows Preinstallation Environment" | Join-Path -ChildPath "x64" | Join-Path -ChildPath "WinPE_OCs"
$WINPE_OC_LANG_PATH = Join-Path $WINPE_OC_PATH $LANG
$WINPE_OC_LANG_CABS = Get-ChildItem $WINPE_OC_LANG_PATH -name
$WINPE_OC_LP_PATH = Join-Path $WINPE_OC_LANG_PATH "lp.cab"
$WINPE_FONT_SUPPORT_PATH = Join-Path $WINPE_OC_PATH "WinPE-FontSupport-$LANG.cab"
$WINPE_SPEECH_TTS_PATH = Join-Path $WINPE_OC_PATH "WinPE-Speech-TTS.cab"
$WINPE_SPEECH_TTS_LANG_PATH = Join-Path $WINPE_OC_PATH "WinPE-Speech-TTS-$LANG.cab"
$OS_LP_PATH = $LP_ISO_DRIVE_LETTER + ":\x64\langpacks\" + "Microsoft-Windows-Client-Language-Pack_x64_" + $LANG + ".cab"
$WINPE_OC_PATH = "$LP_ISO_DRIVE_LETTER`:\Windows Preinstallation Environment\x64\WinPE_OCs"
$WINPE_OC_LANG_PATH = "$WINPE_OC_PATH\$LANG"
$WINPE_OC_LANG_CABS = Get-ChildItem $WINPE_OC_LANG_PATH -Name
$WINPE_OC_LP_PATH = "$WINPE_OC_LANG_PATH\lp.cab"
$WINPE_FONT_SUPPORT_PATH = "$WINPE_OC_PATH\WinPE-FontSupport-$LANG.cab"
$WINPE_SPEECH_TTS_PATH = "$WINPE_OC_PATH\WinPE-Speech-TTS.cab"
$WINPE_SPEECH_TTS_LANG_PATH = "$WINPE_OC_PATH\WinPE-Speech-TTS-$LANG.cab"
$OS_LP_PATH = "$LP_ISO_DRIVE_LETTER`:\x64\langpacks\Microsoft-Windows-Client-Language-Pack_x64_$LANG.cab"
# Mount the Features on Demand ISO
Write-Host "$(Get-TS): Mounting FOD ISO"
Write-Output "$(Get-TS): Mounting FOD ISO"
$FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter
$FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\"
@ -161,10 +161,11 @@ New-Item -ItemType directory -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
New-Item -ItemType directory -Path $WINPE_MOUNT -ErrorAction stop | Out-Null
# Keep the original media, make a copy of it for the new, updated media.
Write-Host "$(Get-TS): Copying original media to new media path"
Write-Output "$(Get-TS): Copying original media to new media path"
Copy-Item -Path $MEDIA_OLD_PATH"\*" -Destination $MEDIA_NEW_PATH -Force -Recurse -ErrorAction stop | Out-Null
Get-ChildItem -Path $MEDIA_NEW_PATH -Recurse | Where-Object { -not $_.PSIsContainer -and $_.IsReadOnly } | ForEach-Object { $_.IsReadOnly = $false }
```
### Update WinRE
The script assumes that only a single edition is being updated, indicated by Index = 1 (Windows 10 Education Edition). Then the script mounts the image, saves Winre.wim to the working folder, and mounts it. It then applies servicing stack Dynamic Update, since its components are used for updating other components. Since the script is optionally adding Japanese, it adds the language pack to the image, and installs the Japanese versions of all optional packages already installed in Winre.wim. Then, it applies the Safe OS Dynamic Update package.
@ -176,25 +177,25 @@ It finishes by cleaning and exporting the image to reduce the image size.
```powershell
# Mount the main operating system, used throughout the script
Write-Host "$(Get-TS): Mounting main OS"
Write-Output "$(Get-TS): Mounting main OS"
Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index 1 -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null
#
# update Windows Recovery Environment (WinRE)
#
Copy-Item -Path $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Destination $WORKING_PATH"\winre.wim" -Force -Recurse -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Mounting WinRE"
Write-Output "$(Get-TS): Mounting WinRE"
Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
# Add servicing stack update
Write-Host "$(Get-TS): Adding package $SSU_PATH"
Write-Output "$(Get-TS): Adding package $SSU_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null
#
# Optional: Add the language to recovery environment
#
# Install lp.cab cab
Write-Host "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
# Install language cabs for each optional package installed
@ -210,7 +211,7 @@ Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
$OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
$OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
Write-Host "$(Get-TS): Adding package $OC_CAB_PATH"
Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null
}
}
@ -219,7 +220,7 @@ Foreach ($PACKAGE in $WINRE_INSTALLED_OC) {
# Add font support for the new language
if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
Write-Host "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
}
@ -227,30 +228,31 @@ if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
}
}
# Add Safe OS
Write-Host "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null
# Perform image cleanup
Write-Host "$(Get-TS): Performing image cleanup on WinRE"
Write-Output "$(Get-TS): Performing image cleanup on WinRE"
DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
# Dismount
Dismount-WindowsImage -Path $WINRE_MOUNT -Save -ErrorAction stop | Out-Null
# Export
Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\winre2.wim"
Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\winre2.wim"
Export-WindowsImage -SourceImagePath $WORKING_PATH"\winre.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\winre2.wim" -ErrorAction stop | Out-Null
Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim" -Force -ErrorAction stop | Out-Null
```
### Update WinPE
This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. Finally, it cleans and exports Boot.wim, and copies it back to the new media.
@ -266,15 +268,15 @@ $WINPE_IMAGES = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim"
Foreach ($IMAGE in $WINPE_IMAGES) {
# update WinPE
Write-Host "$(Get-TS): Mounting WinPE"
Write-Output "$(Get-TS): Mounting WinPE"
Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null
# Add SSU
Write-Host "$(Get-TS): Adding package $SSU_PATH"
Write-Output "$(Get-TS): Adding package $SSU_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null
# Install lp.cab cab
Write-Host "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null
# Install language cabs for each optional package installed
@ -291,7 +293,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
$OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab"
if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) {
$OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB
Write-Host "$(Get-TS): Adding package $OC_CAB_PATH"
Write-Output "$(Get-TS): Adding package $OC_CAB_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null
}
}
@ -300,7 +302,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
# Add font support for the new language
if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) {
Write-Host "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null
}
@ -308,39 +310,40 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) {
if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) {
Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null
}
}
# Generates a new Lang.ini file which is used to define the language packs inside the image
if ( (Test-Path -Path $WINPE_MOUNT"\sources\lang.ini") ) {
Write-Host "$(Get-TS): Updating lang.ini"
Write-Output "$(Get-TS): Updating lang.ini"
DISM /image:$WINPE_MOUNT /Gen-LangINI /distribution:$WINPE_MOUNT | Out-Null
}
# Add latest cumulative update
Write-Host "$(Get-TS): Adding package $LCU_PATH"
Write-Output "$(Get-TS): Adding package $LCU_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
# Perform image cleanup
Write-Host "$(Get-TS): Performing image cleanup on WinPE"
Write-Output "$(Get-TS): Performing image cleanup on WinPE"
DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
# Dismount
Dismount-WindowsImage -Path $WINPE_MOUNT -Save -ErrorAction stop | Out-Null
#Export WinPE
Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\boot2.wim"
Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\boot2.wim"
Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -SourceIndex $IMAGE.ImageIndex -DestinationImagePath $WORKING_PATH"\boot2.wim" -ErrorAction stop | Out-Null
}
Move-Item -Path $WORKING_PATH"\boot2.wim" -Destination $MEDIA_NEW_PATH"\sources\boot.wim" -Force -ErrorAction stop | Out-Null
```
### Update the main operating system
For this next phase, there is no need to mount the main operating system, since it was already mounted in the previous scripts. This script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it leverages `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod).
@ -355,36 +358,36 @@ You can install Optional Components, along with the .NET feature, offline, but t
#
# Add servicing stack update
Write-Host "$(Get-TS): Adding package $SSU_PATH"
Write-Output "$(Get-TS): Adding package $SSU_PATH"
Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null
# Optional: Add language to main OS
Write-Host "$(Get-TS): Adding package $OS_LP_PATH"
Write-Output "$(Get-TS): Adding package $OS_LP_PATH"
Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null
# Optional: Add a Features on Demand to the image
Write-Host "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0"
Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0"
Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0"
Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0"
Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0"
Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0"
Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
# Note: If I wanted to enable additional Features on Demand, I'd add these here.
# Add latest cumulative update
Write-Host "$(Get-TS): Adding package $LCU_PATH"
Write-Output "$(Get-TS): Adding package $LCU_PATH"
Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null
# Copy our updated recovery image from earlier into the main OS
@ -393,7 +396,7 @@ Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop
Copy-Item -Path $WORKING_PATH"\winre.wim" -Destination $MAIN_OS_MOUNT"\windows\system32\recovery\winre.wim" -Force -Recurse -ErrorAction stop | Out-Null
# Perform image cleanup
Write-Host "$(Get-TS): Performing image cleanup on main OS"
Write-Output "$(Get-TS): Performing image cleanup on main OS"
DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
#
@ -402,18 +405,18 @@ DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
# the image to be booted, and thus if we tried to cleanup after installation, it would fail.
#
Write-Host "$(Get-TS): Adding NetFX3~~~~"
Write-Output "$(Get-TS): Adding NetFX3~~~~"
Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null
# Add .NET Cumulative Update
Write-Host "$(Get-TS): Adding package $DOTNET_CU_PATH"
Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH"
Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null
# Dismount
Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Save -ErrorAction stop | Out-Null
# Export
Write-Host "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim"
Write-Output "$(Get-TS): Exporting image to $WORKING_PATH\install2.wim"
Export-WindowsImage -SourceImagePath $MEDIA_NEW_PATH"\sources\install.wim" -SourceIndex 1 -DestinationImagePath $WORKING_PATH"\install2.wim" -ErrorAction stop | Out-Null
Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null
```
@ -428,9 +431,10 @@ This part of the script updates the Setup files. It simply copies the individual
#
# Add Setup DU by copy the files from the package into the newMedia
Write-Host "$(Get-TS): Adding package $SETUP_DU_PATH"
Write-Output "$(Get-TS): Adding package $SETUP_DU_PATH"
cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PATH"\sources" | Out-Null
```
### Finish up
As a last step, the script removes the working folder of temporary files, and unmounts our language pack and Features on Demand ISOs.
@ -444,9 +448,9 @@ As a last step, the script removes the working folder of temporary files, and un
Remove-Item -Path $WORKING_PATH -Recurse -Force -ErrorAction stop | Out-Null
# Dismount ISO images
Write-Host "$(Get-TS): Dismounting ISO images"
Write-Output "$(Get-TS): Dismounting ISO images"
Dismount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Out-Null
Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Out-Null
Write-Host "$(Get-TS): Media refresh completed!"
Write-Output "$(Get-TS): Media refresh completed!"
```

15
windows/deployment/update/plan-define-readiness.md
View File

@ -1,6 +1,5 @@
---
title: Define readiness criteria
ms.reviewer:
manager: laurawi
description: Identify important roles and figure out how to classify apps
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
@ -11,14 +10,14 @@ author: jaimeo
ms.localizationpriority: medium
ms.audience: itpro
ms.topic: article
ms.collection: M365-modern-desktop
ms.collection: m365initiative-coredeploy
---
# Define readiness criteria
## Figure out roles and personnel
Planning and managing a deployment involves a variety of distinct activies and roles best suited to each. As you plan, it's worth figuring out which roles you'll need to carry out the deployment and who should fill them. Different roles are active at various phases of a deployment. Depending on the size and complexity of your organization, some of the roles could be filled by the same person. However, it's best to have an established *process manager*, who will oversee all of the tasks for the deployment.
Planning and managing a deployment involves a variety of distinct activities and roles best suited to each. As you plan, it's worth figuring out which roles you'll need to carry out the deployment and who should fill them. Different roles are active at various phases of a deployment. Depending on the size and complexity of your organization, some of the roles could be filled by the same person. However, it's best to have an established *process manager*, who will oversee all of the tasks for the deployment.
### Process manager
@ -39,7 +38,7 @@ This table sketches out one view of the other roles, with their responsibilities
|Role |Responsibilities |Skills |Active phases |
|---------|---------|---------|---------|
|Process manager | Manages the process end to end; ensures inputs and outputs are captures; ensures that activities progress | IT service management | Plan, prepare, pilot deployment, broad deployment |
|Process manager | Manages the process end to end; ensures inputs and outputs are captures; ensures that activities progress | IT Service Management | Plan, prepare, pilot deployment, broad deployment |
|Application owner | Define application test plan; assign user acceptance testers; certify the application | Knowledge of critical and important applications | Plan, prepare, pilot deployment |
|Application developer | Ensure apps are developed to stay compatible with current Windows versions | Application development; application remediation | Plan, prepare |
|End-user computing | Typically a group including infrastructure engineers or deployment engineers who ensure upgrade tools are compatible with Windows | Bare-metal deployment; infrastructure management; application delivery; update management | Plan, prepare, pilot deployment, broad deployment |
@ -54,7 +53,7 @@ This table sketches out one view of the other roles, with their responsibilities
## Set criteria for rating apps
Some apps in your environment are fundamental to your core business activities. Other apps help workers perform their roles, but arent critical to your business operations. Before you start inventorying and assessing the apps in your environment, you should establish some criteria for categorizing your apps, and then determine a priority for each. This will help you understand how best to deploy updates and how to resolve any issues that could arise.
Some apps in your environment are fundamental to your core business activities. Other apps help workers perform their roles, but arent critical to your business operations. Before you start inventorying and assessing the apps in your environment, you should establish some criteria for categorizing your apps, and then determine a priority for each. This process will help you understand how best to deploy updates and how to resolve any issues that could arise.
In the Prepare phase, you'll apply the criteria you define now to every app in your organization.
@ -67,9 +66,9 @@ Here's a suggested classification scheme:
|Important | Applications that individual staff members need to support their productivity. Downtime here would affect individual users, but would only have a minimal impact on the business. |
|Not important | There is no impact on the business if these apps are not available for a while. |
Once you have classified your applications, you should agree what each classification means to the organization in terms of priority and severity. This will help ensure that you can triage problems with the right level of urgency. You should assign each app a time-based priority.
Once you have classified your applications, you should agree what each classification means to the organization in terms of priority and severity. This activity will help ensure that you can triage problems with the right level of urgency. You should assign each app a time-based priority.
Here's an example priority rating system; of course the specifics could vary for your organization:
Here's an example priority rating system; the specifics could vary for your organization:
|Priority |Definition |
@ -101,7 +100,7 @@ Using the suggested scheme, a financial corporation might classify their apps li
|Credit processing app | Critical |
|Frontline customer service app | Critical |
|PDF viewer | Important |
|Image processing app | Not important |
|Image-processing app | Not important |
Further, they might combine this classification with severity and priority rankings like this:

16
windows/deployment/update/plan-define-strategy.md
View File

@ -7,18 +7,18 @@ ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
ms.collection: m365initiative-coredeploy
---
# Define update strategy with a calendar
Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
Today, more organizations are treating deployment as a continual process of updates which roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, an so you might choose to update annually. The 18/30 month lifecycle cadence lets you to allow some portion of you environment to move faster while a majority can move less quickly.
Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly.
## Calendar approaches
You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
@ -26,20 +26,22 @@ You can use a calendar approach for either a faster twice-per-year cadence or an
### Annual
Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Configuration Manager and Microsoft 365 Apps release cycles:
![Calendar showing an annual update cadence](images/annual-calendar.png)
[ ![Calendar showing an annual update cadence](images/annual-calendar.png) ](images/annual-calendar.png#lightbox)
This approach provides approximately twelve months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates.
This approach provides approximately 12 months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates.
This cadence might be most suitable for you if any of these conditions apply:
- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a once every 3-5 year project to a twice a year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a project happening once every three to five years to a twice-a-year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
- You want to wait and see how successful other companies are at adopting a Windows 10 feature update.
- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
### Rapid
This calendar shows an example schedule that installs each feature update as it is released, twice per year:
![Update calendar showing a faster update cadence](images/rapid-calendar.png)
[ ![Update calendar showing a faster update cadence](images/rapid-calendar.png) ](images/rapid-calendar.png#lightbox)
This cadence might be best for you if these conditions apply:

7
windows/deployment/update/plan-determine-app-readiness.md
View File

@ -1,6 +1,5 @@
---
title: Determine application readiness
ms.reviewer:
manager: laurawi
description: How to test your apps to know which need attention prior to deploying an update
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
@ -10,7 +9,7 @@ audience: itpro
ms.localizationpriority: medium
ms.audience: itpro
ms.topic: article
ms.collection: M365-modern-desktop
ms.collection: m365initiative-coredeploy
ms.author: jaimeo
author: jaimeo
---
@ -26,11 +25,11 @@ You can choose from a variety of methods to validate apps. Exactly which ones to
|Validation method |Description |
|---------|---------|
|Full regression | A full quality assurance probing. Staff who know the application very well and can validate its core functionality should do this. |
|Full regression | A full quality assurance probing. Staff who know the application well and can validate its core functionality should do this. |
|Smoke testing | The application goes through formal validation. That is, a user validates the application following a detailed plan, ideally with limited, or no knowledge of the application theyre validating. |
|Automated testing | Software performs tests automatically. The software will let you know whether the tests have passed or failed, and will provide detailed reporting for you automatically. |
|Test in pilot | You pre-select users to be in the pilot deployment group and carry out the same tasks they do on a day-to-day basis to validate the application. Normally you use this method in addition to one of the other validation types. |
|Reactive response | Applications are validated in late pilot, and no specific users are selected. These are normally applications aren't installed on many devices and arent handled by enterprise application distribution. |
|Reactive response | Applications are validated in late pilot, and no specific users are selected. These applications normally aren't installed on many devices and arent handled by enterprise application distribution. |
Combining the various validation methods with the app classifications you've previously established might look like this:

38
windows/deployment/update/prepare-deploy-windows.md
View File

@ -1,6 +1,6 @@
---
title: Prepare to deploy Windows
description:
description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
ms.prod: w10
ms.mktglfcycl: manage
@ -10,6 +10,7 @@ ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
ms.collection: m365initiative-coredeploy
---
# Prepare to deploy Windows
@ -31,19 +32,25 @@ Now you're ready to actually start making changes in your environment to get rea
Your infrastructure probably includes many different components and tools. Youll need to ensure your environment isnt affected by issues due to the changes you make to the various parts of the infrastructure. Follow these steps:
1. Review all of the infrastructure changes that youve identified in your plan. Its important to understand the changes that need to be made and to detail how to implement them. This prevents problems later on.
1. Review all of the infrastructure changes that youve identified in your plan. Its important to understand the changes that need to be made and to detail how to implement them. This process prevents problems later on.
2. Validate your changes. Youll validate the changes for your infrastructures components and tools, to help you understand how your changes could affect your production environment.
3. Implement the changes. Once the changes have been validated, you can implement the changes across the wider infrastructure.
You should also look at your organizations environments configuration and outline how youll implement any necessary changes previously identified in the plan phase to support the update. Consider what youll need to do for the various settings and policies that currently underpin the environment. For example:
- Implement new draft security guidance. New versions of Windows can include new features that improve your environments security. Your security teams will want to make appropriate changes to security related configurations.
- Update security baselines. Security teams understand the relevant security baselines and will have to work to make sure all baselines fit into whatever guidance they have to adhere to.
However, your configuration will consist of many different settings and policies. Its important to only apply changes where they are necessary, and where you gain a clear improvement. Otherwise, your environment might face issues that will slow down the update process. You want to ensure your environment isnt affected adversely because of changes you make. For example:
1. Review new security settings. Your security team will review the new security settings, to understand how they can best be set to facilitate the update, and to also investigate the potential effects they might have on your environment.
2. Review security baselines for changes. Security teams will also review all the necessary security baselines, to ensure the changes can be implemented, and ensure your environment remains compliant.
3. Implement and validate security settings and baseline changes. Your security teams will then implement all of the security settings and baselines, having addressed any potential outstanding issues.
@ -100,7 +107,8 @@ Set up [Delivery Optimization](waas-delivery-optimization.md) for peer network s
In the course of surveying your device population, either with Desktop Analytics or by some other means, you might find devices that have systemic problems that could interfere with update installation. Now is the time to fix those problems.
- **Low disk space:** Quality updates require a minimum of two GB to successfully install. Feature updates require between 8 and 15 GB depending upon the configuration. On Windows 10, version 1903 and later you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve this by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files:
- **Low disk space:** Quality updates require a minimum of 2 GB to successfully install. Feature updates require between 8 GB and 15 GB depending upon the configuration. On Windows 10, version 1903 and later you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve the problem by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files:
- C:\Windows\temp
- C:\Windows\cbstemp (though this file might be necessary to investigate update failures)
- C:\Windows\WindowsUpdate.log (though this file might be necessary to investigate update failures)
@ -108,14 +116,19 @@ In the course of surveying your device population, either with Desktop Analytics
You can also create and run scripts to perform additional cleanup actions on devices, with administrative rights, or use Group Policy settings.
- Clean up the Windows Store Cache by running C:\Windows\sytem32\wsreset.exe
- Optimize the WinSxS folder on the client machine by using **Dism.exe /online /Cleanup-Image /StartComponentCleanup**
- Compact the operating system by running **Compact.exe /CompactOS:always**
- Clean up the Windows Store Cache by running C:\Windows\sytem32\wsreset.exe.
- Optimize the WinSxS folder on the client machine by using **Dism.exe /online /Cleanup-Image /StartComponentCleanup**.
- Compact the operating system by running **Compact.exe /CompactOS:always**.
- Remove Windows Features on Demand that the user doesn't need. See [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) for more guidance.
- Move Windows Known Folders to OneDrive. See [Use Group Policy to control OneDrive sync settings](https://docs.microsoft.com/onedrive/use-group-policy) for more information.
- Clean up the Software Distribution folder. Try deploying these commands as a batch file to run on devices to reset the download state of Windows Updates:
```
```console
net stop wuauserv
net stop cryptSvc
net stop bits
@ -127,12 +140,9 @@ net start bits
net start msiserver
```
- **Application and driver updates:** Out-of-date app or driver software can prevent devices from updating successfully. Desktop Analytics will help you identify drivers and applications that need attention. You can also
check for known issues in order to take any appropriate action. Deploy any updates from the vendor(s) for any problematic application or driver versions to resolve issues.
- **Corruption:** In rare circumstances, a device that has repeated installation errors might be corrupted in a way that prevents the system from applying a new update. You might have to repair the Component Based Store from another source. You can do this with the [System File Checker](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).
- **Application and driver updates:** Out-of-date app or driver software can prevent devices from updating successfully. Desktop Analytics will help you identify drivers and applications that need attention. You can also check for known issues in order to take any appropriate action. Deploy any updates from the vendor(s) for any problematic application or driver versions to resolve issues.
- **Corruption:** In rare circumstances, a device that has repeated installation errors might be corrupted in a way that prevents the system from applying a new update. You might have to repair the Component-Based Store from another source. You can fix the problem with the [System File Checker](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system).
## Prepare capability
@ -140,14 +150,16 @@ check for known issues in order to take any appropriate action. Deploy any updat
In the plan phase, you determined the specific infrastructure and configuration changes that needed to be implemented to add new capabilities to the environment. Now you can move on to implementing those changes defined in the plan phase. You'll need to complete these higher-level tasks to gain those new capabilities:
- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions will come with new policies that you use to update ADMX templates.
- Validate new changes to understand how they affect the wider environment.
- Remediate any potential problems that have been identified through validation.
## Prepare users
Users often feel like they are forced into updating their devices randomly. They often don't fully understand why an update is needed, and they don't know when updates would be applied to their devices ahead of time. It's best to ensure that upcoming updates are communicated clearly and with adequate warning.
You can employ a variety of measures to achieve this, for example:
You can employ a variety of measures to achieve this goal, for example:
- Send overview email about the update and how it will be deployed to the entire organization.
- Send personalized emails to users about the update with specific details.

44
windows/deployment/update/safeguard-holds.md Normal file
View File

@ -0,0 +1,44 @@
---
title: Safeguard holds
description: What are safeguard holds, how can you tell if one is in effect, and what to do about it
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
manager: laurawi
ms.topic: article
---
# Safeguard holds
Microsoft uses quality and compatibility data to identify issues that might cause a Windows 10 feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows 10.
The lifespan of holds varies depending on the time required to investigate and fix an issue. During this time Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the hold. Once we release the hold, Windows Update will resume offering new operating system versions to devices.
Safeguard holds only affect devices that use the Window Update service for updates. We encourage IT admins who manage updates to devices through other channels (such as media installations or updates coming from Windows Server Update Services) to remain aware of known issues that might also be present in their environments.
## Am I affected by a safeguard hold?
IT admins can use [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) to monitor various update health metrics for devices in their organization, including ones affected by a safeguard hold that prevents them from updating to a newer operating system version.
Queries identify Safeguard IDs for each affected device, giving IT admins a detailed view into the various protections extended to devices. Safeguard IDs for publicly discussed known issues are also included in the [Windows release health](https://aka.ms/windowsreleasehealth) dashboard, where you can easily find information related to publicly available safeguards.
On devices that use Windows Update (but not Windows Update for Business), the **Windows Update** page in the Settings app displays a message stating that an update is on its way, but not ready for the device. Instead of the option to download and install the update, users will see this message:
![Feature update message reading "The Windows 10 May 2020 Update is on its way. Once it's ready for your device, you'll see the update available on this page](images/safeguard-hold-notification.png)
If you see this message, it means one or more holds affect your device. When the issue is fixed and the update is safe to install, well release the hold and the update can resume safely.
## What can I do?
We recommend that you do not attempt to manually update until issues have been resolved and holds released.
> [!CAUTION]
> Opting out of a safeguard hold can put devices at risk from known performance issues. We strongly recommend that you complete robust testing to ensure the impact is acceptable before opting out.
With that in mind, IT admins who stay informed with [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) and the [Windows release health](https://aka.ms/windowsreleasehealth) dashboard can choose to temporarily [opt-out of the protection of all safeguard holds](safeguard-opt-out.md) and allow an update to proceed. We recommend opting out only in an IT environment and for validation purposes. If you do opt out of a hold, this condition is temporary. Once an update is complete, the protection of safeguard holds is reinstated automatically.

32
windows/deployment/update/safeguard-opt-out.md Normal file
View File

@ -0,0 +1,32 @@
---
title: Opt out of safeguard holds
description: Steps to install an update even it if has a safeguard hold applied
ms.prod: w10
ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
manager: laurawi
ms.topic: article
---
# Opt out of safeguard holds
Safeguard holds prevent a device with a known compatibility issue from being offered a new Windows 10 feature update by using Windows Update. We use safeguard holds to protect the device and user from a failed or poor update experience. We renew the offering once a fix is issued and is verified on an affected device. For more information about safeguard holds, see [Safeguard holds](safeguard-holds.md).
## How can I opt out of safeguard holds?
IT admins can, if necessary, opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, use the **Update/DisableWUfBSafeguards** CSP. In Group Policy, use the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update.
> [!CAUTION]
> Opting out of a safeguard hold can put devices at risk from known performance issues.
We recommend opting out only in an IT environment and for validation purposes. You can also validate an upcoming Windows 10 feature update version without the safeguards being applied by using the Release Preview channel of the Windows Insider Program for Business.
Disabling safeguards does not guarantee your device will be able to successfully update. The update might still fail and will likely result in a bad experience since you are bypassing the protection against known issues.
> [!NOTE]
> After a device installs a new Windows 10 version, the **Disable safeguards for Feature Updates** Group Policy will revert to “not configured” even if it was previously enabled. We do this to ensure the admin is consciously disabling Microsofts default protection from known issues for each new feature update.

2
windows/deployment/update/servicing-stack-updates.md
View File

@ -28,6 +28,8 @@ Servicing stack updates provide fixes to the servicing stack, the component that
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
For information about some changes to servicing stack updates, see [Simplifing Deployment of Servicing Stack Updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-on-premises-deployment-of-servicing-stack-updates/ba-p/1646039) on the Windows IT Pro blog.
## When are they released?
Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."

14
windows/deployment/update/update-compliance-feature-update-status.md
View File

@ -47,16 +47,6 @@ Update Compliance reporting offers two queriesto help you retrieve data relat
Update Compliance reporting will display the Safeguard IDs for known issues affecting a device in the **DeploymentErrorCode** column. Safeguard IDs for publicly discussed known issues are also included in the Windows Release Health dashboard, where you can easily find information related to publicly available safeguards.
### Opting out of safeguard hold
Microsoft will release a device from a safeguard hold when it has determined it can safely and smoothly install a feature update, but you are ultimately in control of your devices and can opt out if desired.
To opt out, set the registry key as follows:
- Registry Key Path :: **Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion**
- Create New Key :: **502505fe-762c-4e80-911e-0c3fa4c63fb0**
- Name :: **DataRequireGatedScanForFeatureUpdates**
- Type :: **REG_DWORD**
- Value :: **0**
Setting this registry key to **0** will force the device to opt out from *all* safeguard holds. Any other value, or deleting the key, will resume compatibility protection on the device.
### Opt out of safeguard hold
You can [opt out of safeguard protections](safeguard-opt-out.md) by using the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update.

8
windows/deployment/update/update-compliance-using.md
View File

@ -62,21 +62,19 @@ The following is a breakdown of the different sections available in Update Compl
## Update Compliance data latency
Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear. The process that follows is as follows:
Update Compliance uses Windows 10 diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear.
Update Compliance is refreshed every 12 hours. This means that every 12 hours all data that has been gathered over the last 12-hour interval is pushed to Log Analytics. However, the rate at which each type of data is sent from the device and how long it takes to be ready for Update Compliance varies, roughly outlined below.
The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all devices part of your organization that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data.
| Data Type | Data upload rate from device | Data Latency |
|--|--|--|
|WaaSUpdateStatus | Once per day |4 hours |
|WaaSInsiderStatus| Once per day |4 hours |
|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours |
|WDAVStatus|On signature update|24 hours |
|WDAVThreat|On threat detection|24 hours |
|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours |
|WUDOStatus|Once per day|12 hours |
This means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours (if it misses the 36th hour refresh, it would be in the 48th, so the data will be present in the 48th hour refresh).
This means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours.
## Using Log Analytics

18
windows/deployment/update/waas-configure-wufb.md
View File

@ -5,7 +5,7 @@ manager: laurawi
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
ms.prod: w10
ms.mktglfcycl: deploy
ms.collection: m365initiative-coredeploy
audience: itpro
author: jaimeo
ms.localizationpriority: medium
@ -48,7 +48,7 @@ With Windows Update for Business, you can set a device to be on either Windows I
**Release branch policies**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
@ -73,7 +73,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
</br></br>
**Policy settings for deferring feature updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
@ -97,7 +97,7 @@ In cases where the pause policy is first applied after the configured start date
**Policy settings for pausing feature updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
@ -134,7 +134,7 @@ You can set your system to receive updates for other Microsoft products—known
**Policy settings for deferring quality updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpdatePeriod |
@ -157,7 +157,7 @@ In cases where the pause policy is first applied after the configured start date
**Policy settings for pausing quality updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** |**1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates</br>**1703:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
@ -207,7 +207,7 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
**Policy settings to exclude drivers**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate |
| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
@ -220,7 +220,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: dont defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
@ -234,7 +234,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |

20
windows/deployment/update/waas-delivery-optimization.md
View File

@ -1,6 +1,5 @@
---
title: Delivery Optimization for Windows 10 updates
ms.reviewer:
manager: laurawi
description: Delivery Optimization is a peer-to-peer distribution method in Windows 10
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
@ -10,7 +9,9 @@ audience: itpro
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.collection: M365-modern-desktop
ms.collection:
- M365-modern-desktop
- m365initiative-coredeploy
ms.topic: article
---
@ -111,7 +112,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](https://docs.microsoft.com/intune/delivery-optimization-windows))
**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
## Reference
@ -136,7 +137,7 @@ If you set up Delivery Optimization to create peer groups that include devices a
Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
**What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details.
**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/delivery-optimization-proxy). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update).
**What hostnames should I allow through my firewall to support Delivery Optimization?**:
@ -192,6 +193,7 @@ If you dont see any bytes coming from peers the cause might be one of the fol
- Clients arent able to reach the Delivery Optimization cloud services.
- The cloud service doesnt see other peers on the network.
- Clients arent able to connect to peers that are offered back from the cloud service.
- None of the computers on the network are getting updates from peers.
### Clients aren't able to reach the Delivery Optimization cloud services.
@ -203,7 +205,6 @@ If you suspect this is the problem, try these steps:
3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**.
### The cloud service doesn't see other peers on the network.
If you suspect this is the problem, try these steps:
@ -222,6 +223,15 @@ If you suspect this is the problem, try a Telnet test between two devices on the
2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success.
### None of the computers on the network are getting updates from peers
If you suspect this is the problem, check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, are MDM policies are too restrictive:
- Minimum RAM (inclusive) allowed to use peer caching
- Minimum disk size allowed to use peer caching
- Enable peer caching while the device connects using VPN.
- Allow uploads when the device is on battery while under the set battery level

5
windows/deployment/update/waas-integrate-wufb.md
View File

@ -6,8 +6,7 @@ ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.date: 07/27/2017
ms.reviewer:
ms.collection: m365initiative-coredeploy
manager: laurawi
ms.topic: article
---
@ -69,7 +68,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
- Device is configured to defer Quality Updates using Windows Update for Business and to be managed by WSUS
- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
- Admin has also placed Microsoft Update, third-paprty, and locally-published update content on the WSUS server
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
In this example, the deferral behavior for updates to Office and other non-Windows products is slightly different than if WSUS were not enabled.
- In a non-WSUS case, these updates would be deferred just as any update to Windows would be.

2
windows/deployment/update/waas-manage-updates-wsus.md
View File

@ -84,7 +84,7 @@ When using WSUS to manage updates on Windows client devices, start by configurin
![Example of UI](images/waas-wsus-fig5.png)
>[!IMPORTANT]
> Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateDoNotConnectToWindowsUpdateInternetLocations
> Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations
> [!NOTE]
> There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx).

9
windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
View File

@ -9,6 +9,7 @@ ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
ms.collection: m365initiative-coredeploy
---
# Prepare servicing strategy for Windows 10 updates
@ -29,21 +30,21 @@ In the past, traditional Windows deployments tended to be large, lengthy, and ex
Windows 10 spreads the traditional deployment effort of a Windows upgrade, which typically occurred every few years, over smaller, continuous updates. With this change, you must approach the ongoing deployment and servicing of Windows differently. A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. Heres an example of what this process might look like:
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before theyre available to the Semi-Annual Channel. Typically, this would be a small number of test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-Annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL folder of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md).
> [!NOTE]
> This strategy is applicable to approaching an environment in which Windows 10 already exists. For information about how to deploy or upgrade to Windows 10 where another version of Windows exists, see [Plan for Windows 10 deployment](../planning/index.md).
>
> Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version.
> Windows 10 Enterprise LTSC is a separate Long Term Servicing Channel version.
Each time Microsoft releases a Windows 10 feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test machines” step of the Predeployment strategy section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase. For more information about device and application compatibility in Windows 10, see the section Compatibility.
2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but its still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this will represent the majority of application compatibility testing in your environment. This should not necessarily be a formal process but rather user validation through the use of a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that youre looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan in place to address it.
2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but its still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this will represent the majority of application compatibility testing in your environment. This should not necessarily be a formal process but rather user validation through the use of a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-Annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that youre looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan in place to address it.
3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you dont prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more and more people have been updated in any particular department.

6
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
ms.collection: m365initiative-coredeploy
manager: laurawi
ms.topic: article
---
@ -59,7 +59,7 @@ Both Windows 10 feature and quality updates are automatically offered to devices
To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.
Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to update on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.
We also recommend that you allow Microsoft product updates as discussed previously.
@ -138,7 +138,7 @@ When you set these policies, installation happens automatically at the specified
We recommend that you use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline for automatic updates and restarts** for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. This works by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart.
This policies also offers an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardles of active hours.
This policies also offers an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
These notifications are what the user sees depending on the settings you choose:

Some files were not shown because too many files have changed in this diff Show More