From 0163f5f4e42c396f01c6defc883e62d20775ac61 Mon Sep 17 00:00:00 2001
From: Liz Long <104389055+lizgt2000@users.noreply.github.com>
Date: Thu, 5 Jan 2023 10:06:34 -0500
Subject: [PATCH] reliability remoteassistance removablestorage
---
.../mdm/policy-csp-admx-reliability.md | 390 ++-
.../mdm/policy-csp-admx-remoteassistance.md | 229 +-
.../mdm/policy-csp-admx-removablestorage.md | 3089 +++++++++--------
3 files changed, 2052 insertions(+), 1656 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index d6f224badc..9163e7efe9 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -1,237 +1,244 @@
---
-title: Policy CSP - ADMX_Reliability
-description: Policy CSP - ADMX_Reliability
+title: ADMX_Reliability Policy CSP
+description: Learn more about the ADMX_Reliability Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/05/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 08/13/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_Reliability
->[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_Reliability policies
+
+## EE_EnablePersistentTimeStamp
-
- -
- ADMX_Reliability/EE_EnablePersistentTimeStamp
-
- -
- ADMX_Reliability/PCH_ReportShutdownEvents
-
- -
- ADMX_Reliability/ShutdownEventTrackerStateFile
-
- -
- ADMX_Reliability/ShutdownReason
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Reliability/EE_EnablePersistentTimeStamp
+```
+
-
-
-
-**ADMX_Reliability/EE_EnablePersistentTimeStamp**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.
-If you enable this policy setting, you're able to specify how often the Persistent System Timestamp is refreshed and then written to the disk. You can specify the Timestamp Interval in seconds.
+If you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds.
-If you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns isn't recorded.
+If you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns is not recorded.
-If you don't configure this policy setting, the Persistent System Timestamp is refreshed according to the default, which is every 60 seconds beginning with Windows Server 2003.
+If you do not configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginning with Windows Server 2003.
-> [!NOTE]
-> This feature might interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel.
+Note: This feature might interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Enable Persistent Time Stamp*
-- GP name: *EE_EnablePersistentTimeStamp*
-- GP path: *System*
-- GP ADMX file name: *Reliability.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**ADMX_Reliability/PCH_ReportShutdownEvents**
+| Name | Value |
+|:--|:--|
+| Name | EE_EnablePersistentTimeStamp |
+| Friendly Name | Enable Persistent Time Stamp |
+| Location | Computer Configuration |
+| Path | System |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Reliability |
+| Registry Value Name | TimeStampEnabled |
+| ADMX File Name | Reliability.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## PCH_ReportShutdownEvents
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Reliability/PCH_ReportShutdownEvents
+```
+
-
-
-
-
+
+
This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.
If you enable this policy setting, error reporting includes unplanned shutdown events.
-If you disable this policy setting, unplanned shutdown events aren't included in error reporting.
+If you disable this policy setting, unplanned shutdown events are not included in error reporting.
-If you don't configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdown events" by default.
+If you do not configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdown events" by default.
Also see the "Configure Error Reporting" policy setting.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Report unplanned shutdown events*
-- GP name: *PCH_ReportShutdownEvents*
-- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
-- GP ADMX file name: *Reliability.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**ADMX_Reliability/ShutdownEventTrackerStateFile**
+| Name | Value |
+|:--|:--|
+| Name | PCH_ReportShutdownEvents |
+| Friendly Name | Report unplanned shutdown events |
+| Location | Computer Configuration |
+| Path | CAT_WindowsErrorReporting > Advanced Error Reporting Settings |
+| Registry Key Name | Software\Policies\Microsoft\PCHealth\ErrorReporting |
+| Registry Value Name | IncludeShutdownErrs |
+| ADMX File Name | Reliability.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## ShutdownEventTrackerStateFile
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Reliability/ShutdownEventTrackerStateFile
+```
+
-
-
-
-
+
+
This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.
-The system state data file contains information about the basic system state and the state of all running processes.
+The system state data file contains information about the basic system state as well as the state of all running processes.
If you enable this policy setting, the System State Data feature is activated when the user indicates that the shutdown or restart is unplanned.
If you disable this policy setting, the System State Data feature is never activated.
-If you don't configure this policy setting, the default behavior for the System State Data feature occurs.
+If you do not configure this policy setting, the default behavior for the System State Data feature occurs.
+Note: By default, the System State Data feature is always enabled on Windows Server 2003. See "Supported on" for all supported versions.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Activate Shutdown Event Tracker System State Data feature*
-- GP name: *ShutdownEventTrackerStateFile*
-- GP path: *System*
-- GP ADMX file name: *Reliability.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**ADMX_Reliability/ShutdownReason**
+| Name | Value |
+|:--|:--|
+| Name | ShutdownEventTrackerStateFile |
+| Friendly Name | Activate Shutdown Event Tracker System State Data feature |
+| Location | Computer Configuration |
+| Path | System |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Reliability |
+| Registry Value Name | SnapShot |
+| ADMX File Name | Reliability.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
-
-
+
+## ShutdownReason
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-> [!div class = "checklist"]
-> * Device
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_Reliability/ShutdownReason
+```
+
-
-
-
-
-The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This tracker is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you're shutting down the computer.
+
+
+The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer.
If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down.
@@ -239,28 +246,55 @@ If you enable this policy setting and choose "Server Only" from the drop-down me
If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for supported versions.)
-If you disable this policy setting, the Shutdown Event Tracker isn't displayed when you shut down the computer.
+If you disable this policy setting, the Shutdown Event Tracker is not displayed when you shut down the computer.
-If you don't configure this policy setting, the default behavior for the Shutdown Event Tracker occurs.
+If you do not configure this policy setting, the default behavior for the Shutdown Event Tracker occurs.
-> [!NOTE]
-> By default, the Shutdown Event Tracker is only displayed on computers running Windows Server.
+Note: By default, the Shutdown Event Tracker is only displayed on computers running Windows Server.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Display Shutdown Event Tracker*
-- GP name: *ShutdownReason*
-- GP path: *System*
-- GP ADMX file name: *Reliability.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+**ADMX mapping**:
+| Name | Value |
+|:--|:--|
+| Name | ShutdownReason |
+| Friendly Name | Display Shutdown Event Tracker |
+| Location | Computer Configuration |
+| Path | System |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Reliability |
+| Registry Value Name | ShutdownReasonOn |
+| ADMX File Name | Reliability.admx |
+
-
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index bece2eb4d9..324ddf127c 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -1,159 +1,176 @@
---
-title: Policy CSP - ADMX_RemoteAssistance
-description: Learn about Policy CSP - ADMX_RemoteAssistance.
+title: ADMX_RemoteAssistance Policy CSP
+description: Learn more about the ADMX_RemoteAssistance Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/05/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 12/14/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_RemoteAssistance
->[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_RemoteAssistance policies
+
+## RA_EncryptedTicketOnly
-
- -
- ADMX_RemoteAssistance/RA_EncryptedTicketOnly
-
- -
- ADMX_RemoteAssistance/RA_Optimize_Bandwidth
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemoteAssistance/RA_EncryptedTicketOnly
+```
+
-
-
-
-**ADMX_RemoteAssistance/RA_EncryptedTicketOnly**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting doesn't affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.
+
+
+This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.
If you enable this policy setting, only computers running this version (or later versions) of the operating system can connect to this computer.
If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer.
-If you don't configure this policy setting, users can configure this setting in System Properties in the Control Panel.
+If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Allow only Windows Vista or later connections*
-- GP name: *RA_EncryptedTicketOnly*
-- GP path: *System\Remote Assistance*
-- GP ADMX file name: *RemoteAssistance.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
-**ADMX_RemoteAssistance/RA_Optimize_Bandwidth**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RA_EncryptedTicketOnly |
+| Friendly Name | Allow only Windows Vista or later connections |
+| Location | Computer Configuration |
+| Path | System > Remote Assistance |
+| Registry Key Name | Software\policies\Microsoft\Windows NT\Terminal Services |
+| Registry Value Name | CreateEncryptedOnlyTickets |
+| ADMX File Name | RemoteAssistance.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## RA_Optimize_Bandwidth
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemoteAssistance/RA_Optimize_Bandwidth
+```
+
-
-
+
+
This policy setting allows you to improve performance in low bandwidth scenarios.
-This setting is incrementally scaled from "No optimization" to "Full optimization". Each incremental setting includes the previous optimization setting.
+This setting is incrementally scaled from "No optimization" to "Full optimization". Each incremental setting includes the previous optimization setting.
For example:
"Turn off background" will include the following optimizations:
-
-- No full window drag
-- Turn off background
+-No full window drag
+-Turn off background
"Full optimization" will include the following optimizations:
-
-- Use 16-bit color (8-bit color in Windows Vista)
-- Turn off font smoothing (not supported in Windows Vista)
-- No full window drag
-- Turn off background
+-Use 16-bit color (8-bit color in Windows Vista)
+-Turn off font smoothing (not supported in Windows Vista)
+-No full window drag
+-Turn off background
If you enable this policy setting, bandwidth optimization occurs at the level specified.
If you disable this policy setting, application-based settings are used.
-If you don't configure this policy setting, application-based settings are used.
+If you do not configure this policy setting, application-based settings are used.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn on bandwidth optimization*
-- GP name: *RA_Optimize_Bandwidth*
-- GP path: *System\Remote Assistance*
-- GP ADMX file name: *RemoteAssistance.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | RA_Optimize_Bandwidth |
+| Friendly Name | Turn on bandwidth optimization |
+| Location | Computer Configuration |
+| Path | System > Remote Assistance |
+| Registry Key Name | Software\policies\Microsoft\Windows NT\Terminal Services |
+| Registry Value Name | UseBandwidthOptimization |
+| ADMX File Name | RemoteAssistance.admx |
+
-## Related topics
+
+
+
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index 13c9f54981..1623673a7b 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -1,1623 +1,1968 @@
---
-title: Policy CSP - ADMX_RemovableStorage
-description: Learn about Policy CSP - ADMX_RemovableStorage.
+title: ADMX_RemovableStorage Policy CSP
+description: Learn more about the ADMX_RemovableStorage Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
+ms.date: 01/05/2023
ms.localizationpriority: medium
-ms.topic: article
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 12/10/2020
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - ADMX_RemovableStorage
->[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
+
+
+
-
-## ADMX_RemovableStorage policies
+
+## AccessRights_RebootTime_2
-
- -
- ADMX_RemovableStorage/AccessRights_RebootTime_1
-
- -
- ADMX_RemovableStorage/AccessRights_RebootTime_2
-
- -
- ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2
-
- -
- ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1
-
- -
- ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2
-
- -
- ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1
-
- -
- ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2
-
- -
- ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1
-
- -
- ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2
-
- -
- ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1
-
- -
- ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2
-
- -
- ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2
-
- -
- ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1
-
- -
- ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2
-
- -
- ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1
-
- -
- ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2
-
- -
- ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2
-
- -
- ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1
-
- -
- ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2
-
- -
- ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1
-
- -
- ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1
-
- -
- ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2
-
- -
- ADMX_RemovableStorage/Removable_Remote_Allow_Access
-
- -
- ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2
-
- -
- ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1
-
- -
- ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2
-
- -
- ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1
-
- -
- ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2
-
- -
- ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1
-
- -
- ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2
-
- -
- ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1
-
- -
- ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/AccessRights_RebootTime_2
+```
+
-
-
-
-**ADMX_RemovableStorage/AccessRights_RebootTime_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
-If you disable or don't configure this setting, the operating system does not force a reboot.
+If you disable or do not configure this setting, the operating system does not force a reboot.
-> [!NOTE]
-> If no reboot is forced, the access right does not take effect until the operating system is restarted.
+Note: If no reboot is forced, the access right does not take effect until the operating system is restarted.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Set time (in seconds) to force reboot*
-- GP name: *AccessRights_RebootTime_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
-**ADMX_RemovableStorage/AccessRights_RebootTime_2**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | AccessRights_RebootTime |
+| Friendly Name | Set time (in seconds) to force reboot |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices |
+| Registry Value Name | RebootTimeinSeconds_state |
+| ADMX File Name | RemovableStorage.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## CDandDVD_DenyExecute_Access_2
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2
+```
+
-
-
-This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
-
-If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
-
-If you disable or don't configure this setting, the operating system does not force a reboot
-
-> [!NOTE]
-> If no reboot is forced, the access right does not take effect until the operating system is restarted.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Set time (in seconds) to force reboot*
-- GP name: *AccessRights_RebootTime_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-
-**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting denies execute access to the CD and DVD removable storage class.
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *CD and DVD: Deny execute access*
-- GP name: *CDandDVD_DenyExecute_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
-**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | CDandDVD_DenyExecute_Access |
+| Friendly Name | CD and DVD: Deny execute access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Execute |
+| ADMX File Name | RemovableStorage.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## CDandDVD_DenyRead_Access_2
-> [!div class = "checklist"]
-> * User
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2
+```
+
-
-
+
+
This policy setting denies read access to the CD and DVD removable storage class.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
-
-ADMX Info:
-- GP Friendly name: *CD and DVD: Deny read access*
-- GP name: *CDandDVD_DenyRead_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
+
+**Description framework properties**:
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | CDandDVD_DenyRead_Access |
+| Friendly Name | CD and DVD: Deny read access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## CDandDVD_DenyWrite_Access_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-This policy setting denies read access to the CD and DVD removable storage class.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2
+```
+
-If you enable this policy setting, read access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *CD and DVD: Deny read access*
-- GP name: *CDandDVD_DenyRead_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-
-**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting denies write access to the CD and DVD removable storage class.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *CD and DVD: Deny write access*
-- GP name: *CDandDVD_DenyWrite_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
-**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | CDandDVD_DenyWrite_Access |
+| Friendly Name | CD and DVD: Deny write access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## CustomClasses_DenyRead_Access_2
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2
+```
+
-
-
-This policy setting denies write access to the CD and DVD removable storage class.
-
-If you enable this policy setting, write access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *CD and DVD: Deny write access*
-- GP name: *CDandDVD_DenyWrite_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-
-**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting denies read access to custom removable storage classes.
If you enable this policy setting, read access is denied to these removable storage classes.
-If you disable or don't configure this policy setting, read access is allowed to these removable storage classes.
+If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Custom Classes: Deny read access*
-- GP name: *CustomClasses_DenyRead_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
-**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2**
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | CustomClasses_DenyRead_Access |
+| Friendly Name | Custom Classes: Deny read access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## CustomClasses_DenyWrite_Access_2
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2
+```
+
-
-
-This policy setting denies read access to custom removable storage classes.
-
-If you enable this policy setting, read access is denied to these removable storage classes.
-
-If you disable or don't configure this policy setting, read access is allowed to these removable storage classes.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Custom Classes: Deny read access*
-- GP name: *CustomClasses_DenyRead_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-
-**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting denies write access to custom removable storage classes.
If you enable this policy setting, write access is denied to these removable storage classes.
-If you disable or don't configure this policy setting, write access is allowed to these removable storage classes.
+If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Custom Classes: Deny write access*
-- GP name: *CustomClasses_DenyWrite_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | CustomClasses_DenyWrite_Access |
+| Friendly Name | Custom Classes: Deny write access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## FloppyDrives_DenyExecute_Access_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-This policy setting denies write access to custom removable storage classes.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2
+```
+
-If you enable this policy setting, write access is denied to these removable storage classes.
-
-If you disable or don't configure this policy setting, write access is allowed to these removable storage classes.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Custom Classes: Deny write access*
-- GP name: *CustomClasses_DenyWrite_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives.
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Floppy Drives: Deny execute access*
-- GP name: *FloppyDrives_DenyExecute_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | FloppyDrives_DenyExecute_Access |
+| Friendly Name | Floppy Drives: Deny execute access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Execute |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * User
+
+## FloppyDrives_DenyRead_Access_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2
+```
+
+
+
+
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Floppy Drives: Deny read access*
-- GP name: *FloppyDrives_DenyRead_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | FloppyDrives_DenyRead_Access |
+| Friendly Name | Floppy Drives: Deny read access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## FloppyDrives_DenyWrite_Access_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2
+```
+
-If you enable this policy setting, read access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Floppy Drives: Deny read access*
-- GP name: *FloppyDrives_DenyRead_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Floppy Drives: Deny write access*
-- GP name: *FloppyDrives_DenyWrite_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
-
-If you enable this policy setting, write access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Floppy Drives: Deny write access*
-- GP name: *FloppyDrives_DenyWrite_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting denies execute access to removable disks.
-
-If you enable this policy setting, execute access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Removable Disks: Deny execute access*
-- GP name: *RemovableDisks_DenyExecute_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy setting denies read access to removable disks.
-
-If you enable this policy setting, read access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Removable Disks: Deny read access*
-- GP name: *RemovableDisks_DenyRead_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy setting denies read access to removable disks.
-
-If you enable this policy setting, read access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Removable Disks: Deny read access*
-- GP name: *RemovableDisks_DenyRead_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-This policy setting denies write access to removable disks.
-
-If you enable this policy setting, write access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
-
-> [!NOTE]
-> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Removable Disks: Deny write access*
-- GP name: *RemovableDisks_DenyWrite_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
-Configure access to all removable storage classes.
-
-This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
-
-If you enable this policy setting, no access is allowed to any removable storage class.
-
-If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *All Removable Storage classes: Deny all access*
-- GP name: *RemovableStorageClasses_DenyAll_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Configure access to all removable storage classes.
-
-This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
-
-If you enable this policy setting, no access is allowed to any removable storage class.
-
-If you disable or don't configure this policy setting, write and read accesses are allowed to all removable storage classes.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *All Removable Storage classes: Deny all access*
-- GP name: *RemovableStorageClasses_DenyAll_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/Removable_Remote_Allow_Access**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | FloppyDrives_DenyWrite_Access |
+| Friendly Name | Floppy Drives: Deny write access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## Removable_Remote_Allow_Access
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/Removable_Remote_Allow_Access
+```
+
+
+
+
This policy setting grants normal users direct access to removable storage devices in remote sessions.
If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions.
-If you disable or don't configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
+If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *All Removable Storage: Allow direct access in remote sessions*
-- GP name: *Removable_Remote_Allow_Access*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | Removable_Remote_Allow_Access |
+| Friendly Name | All Removable Storage: Allow direct access in remote sessions |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices |
+| Registry Value Name | AllowRemoteDASD |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## RemovableDisks_DenyExecute_Access_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2
+```
+
+
+
+
+This policy setting denies execute access to removable disks.
+
+If you enable this policy setting, execute access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RemovableDisks_DenyExecute_Access |
+| Friendly Name | Removable Disks: Deny execute access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Execute |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## RemovableDisks_DenyRead_Access_2
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2
+```
+
+
+
+
+This policy setting denies read access to removable disks.
+
+If you enable this policy setting, read access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RemovableDisks_DenyRead_Access |
+| Friendly Name | Removable Disks: Deny read access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## RemovableStorageClasses_DenyAll_Access_2
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2
+```
+
+
+
+
+Configure access to all removable storage classes.
+
+This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
+
+If you enable this policy setting, no access is allowed to any removable storage class.
+
+If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RemovableStorageClasses_DenyAll_Access |
+| Friendly Name | All Removable Storage classes: Deny all access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices |
+| Registry Value Name | Deny_All |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## TapeDrives_DenyExecute_Access_2
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2
+```
+
+
+
+
This policy setting denies execute access to the Tape Drive removable storage class.
If you enable this policy setting, execute access is denied to this removable storage class.
-If you disable or don't configure this policy setting, execute access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Tape Drives: Deny execute access*
-- GP name: *TapeDrives_DenyExecute_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | TapeDrives_DenyExecute_Access |
+| Friendly Name | Tape Drives: Deny execute access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Execute |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * User
+
+## TapeDrives_DenyRead_Access_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2
+```
+
+
+
+
This policy setting denies read access to the Tape Drive removable storage class.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Tape Drives: Deny read access*
-- GP name: *TapeDrives_DenyRead_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+
+**Description framework properties**:
-
-**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2**
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+**ADMX mapping**:
-
-
+| Name | Value |
+|:--|:--|
+| Name | TapeDrives_DenyRead_Access |
+| Friendly Name | Tape Drives: Deny read access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+
+
-> [!div class = "checklist"]
-> * Device
+
-
+
+## TapeDrives_DenyWrite_Access_2
-
-
-This policy setting denies read access to the Tape Drive removable storage class.
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-If you enable this policy setting, read access is denied to this removable storage class.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2
+```
+
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Tape Drives: Deny read access*
-- GP name: *TapeDrives_DenyRead_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting denies write access to the Tape Drive removable storage class.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
-
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
+
+
+
-
-ADMX Info:
-- GP Friendly name: *Tape Drives: Deny write access*
-- GP name: *TapeDrives_DenyWrite_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+
+**Description framework properties**:
-
-**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2**
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+**ADMX mapping**:
-
-
+| Name | Value |
+|:--|:--|
+| Name | TapeDrives_DenyWrite_Access |
+| Friendly Name | Tape Drives: Deny write access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+
+
-> [!div class = "checklist"]
-> * Device
+
-
+
+## WPDDevices_DenyRead_Access_2
-
-
-This policy setting denies write access to the Tape Drive removable storage class.
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-If you enable this policy setting, write access is denied to this removable storage class.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2
+```
+
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
-
-
-
-
-
-ADMX Info:
-- GP Friendly name: *Tape Drives: Deny write access*
-- GP name: *TapeDrives_DenyWrite_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
If you enable this policy setting, read access is denied to this removable storage class.
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *WPD Devices: Deny read access*
-- GP name: *WPDDevices_DenyRead_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | WPDDevices_DenyRead_Access |
+| Friendly Name | WPD Devices: Deny read access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## WPDDevices_DenyWrite_Access_2
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2
+```
+
-If you enable this policy setting, read access is denied to this removable storage class.
-
-If you disable or don't configure this policy setting, read access is allowed to this removable storage class.
-
-
-
-
-ADMX Info:
-- GP Friendly name: *WPD Devices: Deny read access*
-- GP name: *WPDDevices_DenyRead_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
-
-
-**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * User
-
-
-
-
-
+
+
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *WPD Devices: Deny write access*
-- GP name: *WPDDevices_DenyWrite_Access_1*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2**
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Name | Value |
+|:--|:--|
+| Name | WPDDevices_DenyWrite_Access |
+| Friendly Name | WPD Devices: Deny write access |
+| Location | Computer Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## AccessRights_RebootTime_1
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
-
-
-This policy setting denies write access to removable disks that may include media players, cellular phones, auxiliary displays, and CE devices.
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/AccessRights_RebootTime_1
+```
+
+
+
+
+This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
+
+If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.
+
+If you disable or do not configure this setting, the operating system does not force a reboot.
+
+Note: If no reboot is forced, the access right does not take effect until the operating system is restarted.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AccessRights_RebootTime |
+| Friendly Name | Set time (in seconds) to force reboot |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices |
+| Registry Value Name | RebootTimeinSeconds_state |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## CDandDVD_DenyRead_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1
+```
+
+
+
+
+This policy setting denies read access to the CD and DVD removable storage class.
+
+If you enable this policy setting, read access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | CDandDVD_DenyRead_Access |
+| Friendly Name | CD and DVD: Deny read access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## CDandDVD_DenyWrite_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1
+```
+
+
+
+
+This policy setting denies write access to the CD and DVD removable storage class.
If you enable this policy setting, write access is denied to this removable storage class.
-If you disable or don't configure this policy setting, write access is allowed to this removable storage class.
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *WPD Devices: Deny write access*
-- GP name: *WPDDevices_DenyWrite_Access_2*
-- GP path: *System\Removable Storage Access*
-- GP ADMX file name: *RemovableStorage.admx*
-
-
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+**ADMX mapping**:
-
+| Name | Value |
+|:--|:--|
+| Name | CDandDVD_DenyWrite_Access |
+| Friendly Name | CD and DVD: Deny write access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
-## Related topics
+
+
+
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+
+
+
+## CustomClasses_DenyRead_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1
+```
+
+
+
+
+This policy setting denies read access to custom removable storage classes.
+
+If you enable this policy setting, read access is denied to these removable storage classes.
+
+If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | CustomClasses_DenyRead_Access |
+| Friendly Name | Custom Classes: Deny read access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## CustomClasses_DenyWrite_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1
+```
+
+
+
+
+This policy setting denies write access to custom removable storage classes.
+
+If you enable this policy setting, write access is denied to these removable storage classes.
+
+If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | CustomClasses_DenyWrite_Access |
+| Friendly Name | Custom Classes: Deny write access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## FloppyDrives_DenyRead_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1
+```
+
+
+
+
+This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
+
+If you enable this policy setting, read access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | FloppyDrives_DenyRead_Access |
+| Friendly Name | Floppy Drives: Deny read access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## FloppyDrives_DenyWrite_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1
+```
+
+
+
+
+This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
+
+If you enable this policy setting, write access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | FloppyDrives_DenyWrite_Access |
+| Friendly Name | Floppy Drives: Deny write access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## RemovableDisks_DenyRead_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1
+```
+
+
+
+
+This policy setting denies read access to removable disks.
+
+If you enable this policy setting, read access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RemovableDisks_DenyRead_Access |
+| Friendly Name | Removable Disks: Deny read access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## RemovableDisks_DenyWrite_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1
+```
+
+
+
+
+This policy setting denies write access to removable disks.
+
+If you enable this policy setting, write access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
+Note: To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RemovableDisks_DenyWrite_Access |
+| Friendly Name | Removable Disks: Deny write access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## RemovableStorageClasses_DenyAll_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1
+```
+
+
+
+
+Configure access to all removable storage classes.
+
+This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
+
+If you enable this policy setting, no access is allowed to any removable storage class.
+
+If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RemovableStorageClasses_DenyAll_Access |
+| Friendly Name | All Removable Storage classes: Deny all access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices |
+| Registry Value Name | Deny_All |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## TapeDrives_DenyRead_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1
+```
+
+
+
+
+This policy setting denies read access to the Tape Drive removable storage class.
+
+If you enable this policy setting, read access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TapeDrives_DenyRead_Access |
+| Friendly Name | Tape Drives: Deny read access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## TapeDrives_DenyWrite_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1
+```
+
+
+
+
+This policy setting denies write access to the Tape Drive removable storage class.
+
+If you enable this policy setting, write access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TapeDrives_DenyWrite_Access |
+| Friendly Name | Tape Drives: Deny write access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## WPDDevices_DenyRead_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1
+```
+
+
+
+
+This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+
+If you enable this policy setting, read access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | WPDDevices_DenyRead_Access |
+| Friendly Name | WPD Devices: Deny read access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33} |
+| Registry Value Name | Deny_Read |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+## WPDDevices_DenyWrite_Access_1
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1
+```
+
+
+
+
+This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
+
+If you enable this policy setting, write access is denied to this removable storage class.
+
+If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | WPDDevices_DenyWrite_Access |
+| Friendly Name | WPD Devices: Deny write access |
+| Location | User Configuration |
+| Path | System > Removable Storage Access |
+| Registry Key Name | Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33} |
+| Registry Value Name | Deny_Write |
+| ADMX File Name | RemovableStorage.admx |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)