diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 6dbc487f58..7a91d505ae 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -9,6 +9,7 @@ "build_output_subfolder": "mdop-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -25,6 +26,7 @@ "build_output_subfolder": "windows-manage-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -41,6 +43,7 @@ "build_output_subfolder": "smb-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -57,6 +60,7 @@ "build_output_subfolder": "surface-hub-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -73,6 +77,7 @@ "build_output_subfolder": "microsoft-edge-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -89,6 +94,7 @@ "build_output_subfolder": "win-development-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -105,6 +111,7 @@ "build_output_subfolder": "windows-plan-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -121,6 +128,7 @@ "build_output_subfolder": "win-client-management-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -137,6 +145,7 @@ "build_output_subfolder": "win-threat-protection-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -153,6 +162,7 @@ "build_output_subfolder": "win-app-management-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -169,6 +179,7 @@ "build_output_subfolder": "windows-deploy-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -185,6 +196,7 @@ "build_output_subfolder": "keep-secure-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -201,6 +213,7 @@ "build_output_subfolder": "surface-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -217,6 +230,7 @@ "build_output_subfolder": "windows-hub-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -233,6 +247,7 @@ "build_output_subfolder": "internet-explorer-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -249,6 +264,7 @@ "build_output_subfolder": "bcs-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", @@ -265,6 +281,7 @@ "build_output_subfolder": "win-access-protection-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -281,6 +298,7 @@ "build_output_subfolder": "win-device-security-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -297,6 +315,7 @@ "build_output_subfolder": "education-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -313,6 +332,7 @@ "build_output_subfolder": "store-for-business-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -329,6 +349,7 @@ "build_output_subfolder": "win-configuration-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -345,6 +366,7 @@ "build_output_subfolder": "windows-update-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -361,6 +383,7 @@ "build_output_subfolder": "win-whats-new-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -377,6 +400,7 @@ "build_output_subfolder": "itpro-hololens-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -393,6 +417,7 @@ "build_output_subfolder": "windows-configure-VSTS", "locale": "en-us", "monikers": [], + "moniker_groups": [], "open_to_public_contributors": true, "type_mapping": { "Conceptual": "Content", @@ -402,6 +427,23 @@ "build_entry_point": "docs", "template_folder": "_themes", "version": 0 + }, + { + "docset_name": "microsoft-365", + "build_source_folder": "microsoft-365", + "build_output_subfolder": "microsoft-365", + "locale": "en-us", + "monikers": [], + "moniker_groups": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes", + "version": 0 } ], "notification_subscribers": [ diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index c62e0d7b6a..9c908fe294 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -656,7 +656,7 @@ All devices must be enrolled with Intune if you want to use the Windows Custom U ### ClearBrowsingDataOnExit - **Supported versions:** Windows 10, version 1703 -- **Supported devices:** Both +- **Supported devices:** Desktop - **Details:** diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index 7a75e9bddd..39d6b09259 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -22,6 +22,7 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac | --- | --- | | [Windows updates](manage-windows-updates-for-surface-hub.md) | Changed deferral recommendations for Windows Updates | | [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Added Whiteboard URLs to prerequisites | +| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md#skype-for-business-online) | Updated the Skype for Business Online requirements | ## June 2017 diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index fd1ab47a02..cda880c3e3 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -116,15 +116,24 @@ Next, you enable the device account with [Skype for Business Online](#skype-for- ### Skype for Business Online -To enable Skype for Business online, your environment will need to meet the following prerequisites: +To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need. -- You need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability. +| Skype room system scenario | If you have Office 365 Premium, Office 365 ProPlus, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have have Skype for Business Server 2015 (on-premises or hybrid), you need: | +| --- | --- | --- | --- | +| Join a scheduled meeting | Skype for Business Standalone Plan 1 | E1, 3, 4, or 5 | Skype for Business Server Standard CAL | +| Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL | +| Initiate an ad-hoc meeting and dial out from a meeting to phone numbers | Skype for Business Standalone Plan 2 with PSTN Conferencing

**Note** PSTN consumption billing is optional | E1 or E3 with PSTN Conferencing, or E5| Skype for Business Server Standard CAL or Enterprise CAL | +| Give the room a phone number and make or receive calls from the room or join a dial-in conference using a phone number | Skype for Business Standalone Plan 2 with Cloud PBX and a PSTN Voice Calling plan | E1 or E3 with Cloud PBX and a PSTN Voice Calling plan, or E5 | Skype for Business Server Standard CAL or Plus CAL | -- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3). - -- Your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). - -- Your Surface Hub account does require a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license. +The following table lists the Office 365 plans and Skype for Business options. + +| O365 Plan | Skype for Business | Cloud PBX | PSTN Conferencing | PSTN Calling | +| --- | --- | --- | --- | --- | +| O365 Business Essentials | Included | | | | +| O365 Business Premium | Included | | | | +| E1 | Included | Add-on | Add-on | Add-on (requires Cloud PBX add-on) | +| E3 | Included | Add-on | Add-on | Add-on (requires Cloud PBX add-on) | +| E5 | Included | Included | Included | Add-on | 1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment. diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md index 78d2526dde..bb53d965cc 100644 --- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md +++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md @@ -69,30 +69,27 @@ The following diagram and table describe the recommended high-level architecture ![mbam2\-5](images/mbam2-5-cmserver.png) -Server -Features to configure on this server -Description -Database Server +### Database Server -Recovery Database +#### Recovery Database This feature is configured on a computer running Windows Server and supported SQL Server instance. The **Recovery Database** stores recovery data that is collected from MBAM Client computers. -Audit Database +#### Audit Database This feature is configured on a computer running Windows Server and supported SQL Server instance. The **Audit Database** stores audit activity data that is collected from client computers that have accessed recovery data. -Reports +#### Reports This feature is configured on a computer running Windows Server and supported SQL Server instance. The **Reports** provide recovery audit data for the client computers in your enterprise. You can view reports from the Configuration Manager console or directly from SQL Server Reporting Services. -Configuration Manager Primary Site Server +### Configuration Manager Primary Site Server System Center Configuration Manager Integration feature @@ -104,9 +101,9 @@ System Center Configuration Manager Integration feature - The **Configuration Manager console** must be installed on the same computer on which you install the MBAM Server software. -Administration and Monitoring Server +### Administration and Monitoring Server -Administration and Monitoring Website +#### Administration and Monitoring Website This feature is configured on a computer running Windows Server. @@ -116,13 +113,13 @@ The **Administration and Monitoring Website** is used to: - View the Recovery Audit Report, which shows recovery activity for client computers. Other reports are viewed from the Configuration Manager console. -Self-Service Portal +#### Self-Service Portal This feature is configured on a computer running Windows Server. The **Self-Service Portal** is a website that enables end users on client computers to independently log on to a website to get a recovery key if they lose or forget their BitLocker password. -Monitoring web services for this website +#### Monitoring web services for this website This feature is installed on a computer running Windows Server. @@ -133,9 +130,9 @@ The Monitoring Web Service is no longer available in Microsoft BitLocker Adminis   -Management Workstation +### Management Workstation -MBAM Group Policy Templates +#### MBAM Group Policy Templates - The **MBAM Group Policy Templates** are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker drive encryption. @@ -146,9 +143,9 @@ MBAM Group Policy Templates   -MBAM Client and Configuration Manager Client computer +### MBAM Client and Configuration Manager Client computer -MBAM Client software +#### MBAM Client software The **MBAM Client**: @@ -158,7 +155,7 @@ The **MBAM Client**: - Collects recovery information and computer information about the client computers. -Configuration Manager Client +#### Configuration Manager Client The **Configuration Manager Client** enables Configuration Manager to collect hardware compatibility data about the client computers and report compliance information. diff --git a/microsoft-365/TOC.md b/microsoft-365/TOC.md new file mode 100644 index 0000000000..06913f7aef --- /dev/null +++ b/microsoft-365/TOC.md @@ -0,0 +1 @@ +# [Index](index.md) \ No newline at end of file diff --git a/microsoft-365/docfx.json b/microsoft-365/docfx.json new file mode 100644 index 0000000000..585130e915 --- /dev/null +++ b/microsoft-365/docfx.json @@ -0,0 +1,37 @@ +{ + "build": { + "content": [ + { + "files": [ + "**/*.md" + ], + "exclude": [ + "**/obj/**", + "**/includes/**", + "README.md", + "LICENSE", + "LICENSE-CODE", + "ThirdPartyNotices" + ] + } + ], + "resource": [ + { + "files": [ + "**/*.png", + "**/*.jpg" + ], + "exclude": [ + "**/obj/**", + "**/includes/**" + ] + } + ], + "overwrite": [], + "externalReference": [], + "globalMetadata": {}, + "fileMetadata": {}, + "template": [], + "dest": "microsoft-365" + } +} \ No newline at end of file diff --git a/microsoft-365/index.md b/microsoft-365/index.md index 867e2c8492..a6053ce471 100644 --- a/microsoft-365/index.md +++ b/microsoft-365/index.md @@ -1 +1 @@ -# Placeholder \ No newline at end of file +# Placeholder! \ No newline at end of file diff --git a/windows/access-protection/hello-for-business/hello-overview.md b/windows/access-protection/hello-for-business/hello-overview.md index 1684f8f6cf..ed20e9658b 100644 --- a/windows/access-protection/hello-for-business/hello-overview.md +++ b/windows/access-protection/hello-for-business/hello-overview.md @@ -1,6 +1,6 @@ --- title: Windows Hello for Business (Windows 10) -description: An overview of Winodws Hello for Business +description: An overview of Windows Hello for Business keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/access-protection/hello-for-business/toc.md b/windows/access-protection/hello-for-business/toc.md index d6542a7d8f..e99fabcb82 100644 --- a/windows/access-protection/hello-for-business/toc.md +++ b/windows/access-protection/hello-for-business/toc.md @@ -1,6 +1,6 @@ # [Windows Hello for Business](hello-identity-verification.md) -## [Winodws Hello for Business Overview](hello-overview.md) +## [Windows Hello for Business Overview](hello-overview.md) ## [How Windows Hello for Business works](hello-how-it-works.md) ## [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md) ## [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index e249f70aa6..e9a60b1ed6 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -17,8 +17,7 @@ ms.date: 06/13/2017 - Windows 10 -> [!NOTE] -> When a mandatory profile is applied to a PC running Windows 10, version 1511, some features such as Universal Windows Platform (UWP) apps, the Start menu, Cortana, and Search, will not work correctly. This will be fixed in a future update. + A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 9f6c24805f..b2df21acb7 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -256,7 +256,7 @@ The following diagram shows the Policy configuration service provider in tree fo AppVirtualization/PublishingAllowServer5
- AppVirtualization/StreamingAllowCertificateFilterForClient_SSL + AppVirtualization/StreamingAllowCertificateFilterForClient_SSL
AppVirtualization/StreamingAllowHighCostLaunch @@ -476,7 +476,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- Cellular/ShowAppCellularAccessUI + Cellular/ShowAppCellularAccessUI
@@ -508,19 +508,19 @@ The following diagram shows the Policy configuration service provider in tree fo Connectivity/AllowVPNRoamingOverCellular
- Connectivity/DiablePrintingOverHTTP + Connectivity/DiablePrintingOverHTTP
- Connectivity/DisableDownloadingOfPrintDriversOverHTTP + Connectivity/DisableDownloadingOfPrintDriversOverHTTP
- Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards + Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
Connectivity/HardenedUNCPaths
- Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge + Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge
@@ -982,13 +982,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowAddOnList
- InternetExplorer/AllowAutoComplete + InternetExplorer/AllowAutoComplete
- InternetExplorer/AllowCertificateAddressMismatchWarning + InternetExplorer/AllowCertificateAddressMismatchWarning
- InternetExplorer/AllowDeletingBrowsingHistoryOnExit + InternetExplorer/AllowDeletingBrowsingHistoryOnExit
InternetExplorer/AllowEnhancedProtectedMode @@ -1000,7 +1000,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowEnterpriseModeSiteList
- InternetExplorer/AllowFallbackToSSL3 + InternetExplorer/AllowFallbackToSSL3
InternetExplorer/AllowInternetExplorer7PolicyList @@ -1036,7 +1036,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowSiteToZoneAssignmentList
- InternetExplorer/AllowSoftwareWhenSignatureIsInvalid + InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
InternetExplorer/AllowSuggestedSites @@ -1051,19 +1051,19 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowsRestrictedSitesZoneTemplate
- InternetExplorer/CheckServerCertificateRevocation + InternetExplorer/CheckServerCertificateRevocation
- InternetExplorer/CheckSignaturesOnDownloadedPrograms + InternetExplorer/CheckSignaturesOnDownloadedPrograms
- InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses + InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
InternetExplorer/DisableAdobeFlash
- InternetExplorer/DisableBlockingOfOutdatedActiveXControls + InternetExplorer/DisableBlockingOfOutdatedActiveXControls
InternetExplorer/DisableBypassOfSmartScreenWarnings @@ -1072,16 +1072,16 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
- InternetExplorer/DisableConfiguringHistory + InternetExplorer/DisableConfiguringHistory
- InternetExplorer/DisableCrashDetection + InternetExplorer/DisableCrashDetection
InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation
- InternetExplorer/DisableDeletingUserVisitedWebsites + InternetExplorer/DisableDeletingUserVisitedWebsites
InternetExplorer/DisableEnclosureDownloading @@ -1099,13 +1099,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/DisableHomePageChange
- InternetExplorer/DisableIgnoringCertificateErrors + InternetExplorer/DisableIgnoringCertificateErrors
- InternetExplorer/DisableInPrivateBrowsing + InternetExplorer/DisableInPrivateBrowsing
- InternetExplorer/DisableProcessesInEnhancedProtectedMode + InternetExplorer/DisableProcessesInEnhancedProtectedMode
InternetExplorer/DisableProxyChange @@ -1117,13 +1117,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/DisableSecondaryHomePageChange
- InternetExplorer/DisableSecuritySettingsCheck + InternetExplorer/DisableSecuritySettingsCheck
InternetExplorer/DisableUpdateCheck
- InternetExplorer/DoNotAllowActiveXControlsInProtectedMode + InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
InternetExplorer/DoNotAllowUsersToAddSites @@ -1153,10 +1153,10 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
- InternetExplorer/InternetZoneAllowCopyPasteViaScript + InternetExplorer/InternetZoneAllowCopyPasteViaScript
- InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles + InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
InternetExplorer/InternetZoneAllowFontDownloads @@ -1165,22 +1165,22 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/InternetZoneAllowLessPrivilegedSites
- InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG + InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
- InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls + InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
- InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl + InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- InternetExplorer/InternetZoneAllowScriptInitiatedWindows + InternetExplorer/InternetZoneAllowScriptInitiatedWindows
- InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls + InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/InternetZoneAllowScriptlets @@ -1189,76 +1189,70 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/InternetZoneAllowSmartScreenIE
- InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript + InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/InternetZoneAllowUserDataPersistence
- InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1 + InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
- InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2 + InternetExplorer/InternetZoneDownloadSignedActiveXControls
- InternetExplorer/InternetZoneDownloadSignedActiveXControls + InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
- InternetExplorer/InternetZoneDownloadUnsignedActiveXControls + InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
- InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter + InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows + InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows + InternetExplorer/InternetZoneEnableMIMESniffing
- InternetExplorer/InternetZoneEnableMIMESniffing + InternetExplorer/InternetZoneEnableProtectedMode
- InternetExplorer/InternetZoneEnableProtectedMode -
-
- InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer + InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
- InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe + InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
- InternetExplorer/InternetZoneJavaPermissionsWRONG1 + InternetExplorer/InternetZoneJavaPermissions
- InternetExplorer/InternetZoneJavaPermissionsWRONG2 + InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
- InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME -
-
- InternetExplorer/InternetZoneLogonOptions + InternetExplorer/InternetZoneLogonOptions
InternetExplorer/InternetZoneNavigateWindowsAndFrames
- InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode + InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
- InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode + InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles + InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
- InternetExplorer/InternetZoneUsePopupBlocker + InternetExplorer/InternetZoneUsePopupBlocker
- InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone + InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
InternetExplorer/IntranetZoneAllowAccessToDataSources @@ -1287,9 +1281,18 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/IntranetZoneAllowUserDataPersistence
+
+ InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls +
InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
+
+ InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe +
+
+ InternetExplorer/IntranetZoneJavaPermissions +
InternetExplorer/IntranetZoneNavigateWindowsAndFrames
@@ -1321,13 +1324,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LocalMachineZoneAllowUserDataPersistence
- InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls + InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls
- InternetExplorer/LocalMachineZoneJavaPermissions + InternetExplorer/LocalMachineZoneJavaPermissions
InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames @@ -1363,7 +1366,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownInternetZoneJavaPermissions + InternetExplorer/LockedDownInternetZoneJavaPermissions
InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames @@ -1432,7 +1435,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownLocalMachineZoneJavaPermissions + InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames @@ -1468,7 +1471,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions + InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames @@ -1504,43 +1507,43 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions + InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames
- InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses + InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
- InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses + InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
- InternetExplorer/NotificationBarInternetExplorerProcesses + InternetExplorer/NotificationBarInternetExplorerProcesses
- InternetExplorer/PreventManagingSmartScreenFilter + InternetExplorer/PreventManagingSmartScreenFilter
- InternetExplorer/PreventPerUserInstallationOfActiveXControls + InternetExplorer/PreventPerUserInstallationOfActiveXControls
- InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses + InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
- InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls + InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
- InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses + InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
- InternetExplorer/RestrictFileDownloadInternetExplorerProcesses + InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
- InternetExplorer/RestrictedSitesZoneAllowActiveScripting + InternetExplorer/RestrictedSitesZoneAllowActiveScripting
InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls @@ -1549,49 +1552,43 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
- InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors + InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
- InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript + InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
- InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles + InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
- InternetExplorer/RestrictedSitesZoneAllowFileDownloads + InternetExplorer/RestrictedSitesZoneAllowFileDownloads
InternetExplorer/RestrictedSitesZoneAllowFontDownloads
-
- InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1 -
-
- InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2 -
InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
- InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles + InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
- InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH + InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
- InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls + InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
- InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl + InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows + InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
- InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls + InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/RestrictedSitesZoneAllowScriptlets @@ -1600,85 +1597,88 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
- InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript + InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
- InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls + InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
- InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls + InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
- InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls + InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
- InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows + InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
- InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows + InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- InternetExplorer/RestrictedSitesZoneEnableMIMESniffing + InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer + InternetExplorer/RestrictedSitesZoneEnableMIMESniffing +
+
+ InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/RestrictedSitesZoneJavaPermissions + InternetExplorer/RestrictedSitesZoneJavaPermissions
- InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME + InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
- InternetExplorer/RestrictedSitesZoneLogonOptions + InternetExplorer/RestrictedSitesZoneLogonOptions
InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
- InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains + InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
- InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins + InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
- InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode + InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting + InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
- InternetExplorer/RestrictedSitesZoneWRONG + InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
- InternetExplorer/RestrictedSitesZoneWRONG2 + InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
- InternetExplorer/RestrictedSitesZoneWRONG3 + InternetExplorer/RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
- InternetExplorer/RestrictedSitesZoneWRONG4 + InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
- InternetExplorer/RestrictedSitesZoneWRONG5 + InternetExplorer/RestrictedSitesZoneUsePopupBlocker
- InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses + InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
InternetExplorer/SearchProviderList
- InternetExplorer/SecurityZonesUseOnlyMachineSettings + InternetExplorer/SecurityZonesUseOnlyMachineSettings
- InternetExplorer/SpecifyUseOfActiveXInstallerService + InternetExplorer/SpecifyUseOfActiveXInstallerService
InternetExplorer/TrustedSitesZoneAllowAccessToDataSources @@ -1707,21 +1707,27 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/TrustedSitesZoneAllowUserDataPersistence
+
+ InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls +
+
+ InternetExplorer/TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls +
InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/TrustedSitesZoneJavaPermissions + InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe +
+
+ InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe +
+
+ InternetExplorer/TrustedSitesZoneJavaPermissions
InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames
-
- InternetExplorer/TrustedSitesZoneWRONG1 -
-
- InternetExplorer/TrustedSitesZoneWRONG2 -
### Kerberos policies @@ -1872,7 +1878,7 @@ The following diagram shows the Policy configuration service provider in tree fo Printers/PointAndPrintRestrictions
- Printers/PointAndPrintRestrictions_User + Printers/PointAndPrintRestrictions_User
Printers/PublishPrinters @@ -2153,49 +2159,49 @@ The following diagram shows the Policy configuration service provider in tree fo
- RemoteManagement/AllowBasicAuthentication_Client + RemoteManagement/AllowBasicAuthentication_Client
- RemoteManagement/AllowBasicAuthentication_Service + RemoteManagement/AllowBasicAuthentication_Service
- RemoteManagement/AllowCredSSPAuthenticationClient + RemoteManagement/AllowCredSSPAuthenticationClient
- RemoteManagement/AllowCredSSPAuthenticationService + RemoteManagement/AllowCredSSPAuthenticationService
- RemoteManagement/AllowRemoteServerManagement + RemoteManagement/AllowRemoteServerManagement
- RemoteManagement/AllowUnencryptedTraffic_Client + RemoteManagement/AllowUnencryptedTraffic_Client
- RemoteManagement/AllowUnencryptedTraffic_Service + RemoteManagement/AllowUnencryptedTraffic_Service
- RemoteManagement/DisallowDigestAuthentication + RemoteManagement/DisallowDigestAuthentication
- RemoteManagement/DisallowNegotiateAuthenticationClient + RemoteManagement/DisallowNegotiateAuthenticationClient
- RemoteManagement/DisallowNegotiateAuthenticationService + RemoteManagement/DisallowNegotiateAuthenticationService
- RemoteManagement/DisallowStoringOfRunAsCredentials + RemoteManagement/DisallowStoringOfRunAsCredentials
- RemoteManagement/SpecifyChannelBindingTokenHardeningLevel + RemoteManagement/SpecifyChannelBindingTokenHardeningLevel
- RemoteManagement/TrustedHosts + RemoteManagement/TrustedHosts
- RemoteManagement/TurnOnCompatibilityHTTPListener + RemoteManagement/TurnOnCompatibilityHTTPListener
- RemoteManagement/TurnOnCompatibilityHTTPSListener + RemoteManagement/TurnOnCompatibilityHTTPSListener
@@ -2214,25 +2220,25 @@ The following diagram shows the Policy configuration service provider in tree fo
- RemoteShell/AllowRemoteShellAccess + RemoteShell/AllowRemoteShellAccess
- RemoteShell/MaxConcurrentUsers + RemoteShell/MaxConcurrentUsers
- RemoteShell/SpecifyIdleTimeout + RemoteShell/SpecifyIdleTimeout
- RemoteShell/SpecifyMaxMemory + RemoteShell/SpecifyMaxMemory
- RemoteShell/SpecifyMaxProcesses + RemoteShell/SpecifyMaxProcesses
- RemoteShell/SpecifyMaxRemoteShells + RemoteShell/SpecifyMaxRemoteShells
- RemoteShell/SpecifyShellTimeout + RemoteShell/SpecifyShellTimeout
@@ -2635,13 +2641,13 @@ The following diagram shows the Policy configuration service provider in tree fo Update/PauseFeatureUpdates
- Update/PauseFeatureUpdatesStartTime + Update/PauseFeatureUpdatesStartTime
Update/PauseQualityUpdates
- Update/PauseQualityUpdatesStartTime + Update/PauseQualityUpdatesStartTime
Update/RequireDeferUpgrade @@ -2752,18 +2758,17 @@ The following diagram shows the Policy configuration service provider in tree fo
WindowsDefenderSecurityCenter/EnableCustomizedToasts
-
+
WindowsDefenderSecurityCenter/EnableInAppCustomization
WindowsDefenderSecurityCenter/Phone
-
+
WindowsDefenderSecurityCenter/URL
- ### WindowsInkWorkspace policies
@@ -2802,7 +2807,7 @@ The following diagram shows the Policy configuration service provider in tree fo WirelessDisplay/AllowProjectionToPC
- WirelessDisplay/AllowProjectionToPCOverInfrastructure + WirelessDisplay/AllowProjectionToPCOverInfrastructure
WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver @@ -2813,7 +2818,7 @@ The following diagram shows the Policy configuration service provider in tree fo
-## ADMX backed policies +## ADMX-backed policies - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) @@ -2833,7 +2838,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3) - [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4) - [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5) -- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient_ssl) +- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl) - [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch) - [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider) - [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot) @@ -2850,12 +2855,12 @@ The following diagram shows the Policy configuration service provider in tree fo - [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices) - [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior) - [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay) -- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#None) -- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#None) -- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#None) -- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#None) +- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui) +- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp) +- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp) +- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths) -- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#None) +- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge) - [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon) - [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword) - [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal) @@ -2878,13 +2883,13 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider) - [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering) - [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist) -- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete) +- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning) +- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit) - [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode) - [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu) - [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist) -- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3) - [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist) - [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode) - [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate) @@ -2896,36 +2901,36 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate) - [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry) - [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist) -- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid) - [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites) - [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate) - [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate) - [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate) -- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation) +- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms) +- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses) - [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash) -- [InternetExplorer/DisableBlockingOfOutdatedActiveXControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableBlockingOfOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-disableblockingofoutdatedactivexcontrols) - [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings) - [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles) -- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory) +- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection) - [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation) -- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites) - [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading) - [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport) - [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard) - [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature) - [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange) -- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors) +- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing) +- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode) - [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange) - [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange) - [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange) -- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck) - [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck) -- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode) - [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites) - [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies) - [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols) @@ -2935,42 +2940,39 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources) - [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads) -- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript) +- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles) - [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads) - [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites) -- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles) - [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents) -- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols) +- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol) +- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows) +- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols) - [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets) - [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie) -- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript) - [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence) -- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols) +- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols) +- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols) +- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter) +- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows) +- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows) +- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing) +- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode) +- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver) - [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols) -- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneJavaPermissionsWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneJavaPermissionsWRONG2](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions) +- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe) +- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions) - [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes) -- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentsnotsignedwithauthenticode) +- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode) +- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles) +- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker) +- [InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone](./policy-csp-internetexplorer.md#internetexplorer-internetzonewebsitesinlessprivilegedzonescannavigateintothiszone) - [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources) - [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads) @@ -2980,7 +2982,10 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets) - [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie) - [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence) +- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols) - [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols) +- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrolsnotmarkedsafe) +- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions) - [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes) - [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources) - [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols) @@ -2991,9 +2996,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets) - [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie) - [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence) -- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols) - [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions) - [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes) - [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources) - [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols) @@ -3005,7 +3010,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie) - [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence) - [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions) - [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes) - [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources) - [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols) @@ -3028,7 +3033,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie) - [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence) - [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions) - [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes) - [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources) - [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols) @@ -3040,7 +3045,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie) - [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence) - [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions) - [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes) - [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources) - [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols) @@ -3052,64 +3057,64 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie) - [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence) - [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions) - [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes) -- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses) +- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses) +- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses) +- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter) +- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols) +- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses) +- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols) +- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses) +- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses) - [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources) -- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting) - [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads) -- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors) +- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript) +- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles) +- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads) +- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads) - [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites) -- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles) +- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh) - [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents) -- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol) +- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows) +- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols) - [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets) - [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie) -- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript) - [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence) -- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter) +- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows) +- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows) +- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing) +- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver) - [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions) +- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe) +- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions) - [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes) -- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG2](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG3](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG4](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG5](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframesacrossdomains) +- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins) +- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode) +- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting) +- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets) +- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles) +- [InternetExplorer/RestrictedSitesZoneTurnOnCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnoncrosssitescriptingfilter) +- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode) +- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker) +- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses) - [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist) -- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings) +- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice) - [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources) - [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads) @@ -3119,11 +3124,13 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets) - [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie) - [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence) +- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols) +- [InternetExplorer/TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedontrunantimalwareprogramsagainstactivexcontrols) - [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrolsnotmarkedassafe) +- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrolsnotmarkedsafe) +- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions) - [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes) -- [InternetExplorer/TrustedSitesZoneWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/TrustedSitesZoneWRONG2](./policy-csp-internetexplorer.md#None) - [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder) - [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor) - [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring) @@ -3139,7 +3146,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) - [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) - [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions) -- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions_user) +- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user) - [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters) - [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages) - [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging) @@ -3151,30 +3158,30 @@ The following diagram shows the Policy configuration service provider in tree fo - [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving) - [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection) - [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication) -- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#None) +- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client) +- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service) +- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient) +- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice) +- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement) +- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client) +- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service) +- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication) +- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient) +- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice) +- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials) +- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel) +- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts) +- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener) +- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener) - [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication) - [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients) -- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#None) -- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#None) +- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess) +- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers) +- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout) +- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory) +- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses) +- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells) +- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout) - [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices) - [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization) - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore) @@ -3202,13 +3209,18 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl) - [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer) - [Camera/AllowCamera](#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) - [Connectivity/AllowNFC](#connectivity-allownfc) - [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) - [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular) - [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular) +- [Connectivity/DiablePrintingOverHTTP](#connectivity-diableprintingoverhttp) +- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](#connectivity-disabledownloadingofprintdriversoverhttp) +- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths) +- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](#connectivity-prohibitinstallationandconfigurationofnetworkbridge) - [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon) - [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword) - [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) @@ -3313,7 +3325,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles) - [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine) - [Camera/AllowCamera](#camera-allowcamera) -- [ConfigOperations/ADMXInstall](#None) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) +- [ConfigOperations/ADMXInstall](#configoperations-admxinstall) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices) - [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) @@ -3361,7 +3374,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) - [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders) -- [DeviceGuard/AllowKernelControlFlowGuard](#None) +- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard) - [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) - [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) - [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) @@ -3386,9 +3399,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) - [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) - [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) -- [TimeLanguageSettings/Set24HourClock](#None) -- [TimeLanguageSettings/SetCountry](#None) -- [TimeLanguageSettings/SetLanguage](#None) +- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock) +- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry) +- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage) - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) - [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule) @@ -3412,6 +3425,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/AllowBrowser](#browser-allowbrowser) - [Camera/AllowCamera](#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) - [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 125546ca2b..5b1b04014f 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - AboveLock diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 8e3cbf0a9f..321173c109 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Accounts diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index e2cb16c774..ecf8c1bd88 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ActiveXControls @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -54,6 +55,13 @@ If you disable or do not configure this policy setting, ActiveX controls prompt Note: Wild card characters cannot be used when specifying the host URLs. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Approved Installation Sites for ActiveX Controls* diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index bf34e7343f..1611634651 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ApplicationDefaults diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 805e786817..04487cf2a4 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ApplicationManagement diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 3aaaa8966e..b0b817880f 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - AppVirtualization @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -48,6 +49,13 @@ author: nickbrower This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable App-V Client* @@ -73,11 +81,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -86,6 +94,13 @@ ADMX Info: Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Dynamic Virtualization* @@ -111,11 +126,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -124,6 +139,13 @@ ADMX Info: Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable automatic cleanup of unused appv packages* @@ -149,11 +171,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -162,6 +184,13 @@ ADMX Info: Enables scripts defined in the package manifest of configuration files that should run. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Package Scripts* @@ -187,11 +216,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -200,6 +229,13 @@ ADMX Info: Enables a UX to display to the user when a publishing refresh is performed on the client. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Publishing Refresh UX* @@ -225,11 +261,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -248,6 +284,13 @@ Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Reporting Server* @@ -273,11 +316,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -286,6 +329,13 @@ ADMX Info: Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Roaming File Exclusions* @@ -311,11 +361,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -324,6 +374,13 @@ ADMX Info: Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Roaming Registry Exclusions* @@ -349,11 +406,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -362,6 +419,13 @@ ADMX Info: Specifies how new packages should be loaded automatically by App-V on a specific computer. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify what to load in background (aka AutoLoad)* @@ -387,11 +451,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -400,6 +464,13 @@ ADMX Info: Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Migration Mode* @@ -425,11 +496,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -438,6 +509,13 @@ ADMX Info: Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Integration Root User* @@ -463,11 +541,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -476,6 +554,13 @@ ADMX Info: Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Integration Root Global* @@ -501,11 +586,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -532,6 +617,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 1 Settings* @@ -557,11 +649,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -588,6 +680,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 2 Settings* @@ -613,11 +712,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -644,6 +743,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 3 Settings* @@ -669,11 +775,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -700,6 +806,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 4 Settings* @@ -725,11 +838,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -756,6 +869,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 5 Settings* @@ -765,7 +885,7 @@ ADMX Info: -**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** +**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** @@ -781,11 +901,11 @@ ADMX Info: - - + +
cross mark check markcheck mark check mark check mark check markcross markcross mark
@@ -794,6 +914,13 @@ ADMX Info: Specifies the path to a valid certificate in the certificate store. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Certificate Filter For Client SSL* @@ -819,11 +946,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -832,6 +959,13 @@ ADMX Info: This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* @@ -857,11 +991,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -870,6 +1004,13 @@ ADMX Info: Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Location Provider* @@ -895,11 +1036,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -908,6 +1049,13 @@ ADMX Info: Specifies directory where all new applications and updates will be installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Package Installation Root* @@ -933,11 +1081,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -946,6 +1094,13 @@ ADMX Info: Overrides source location for downloading package content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Package Source Root* @@ -971,11 +1126,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -984,6 +1139,13 @@ ADMX Info: Specifies the number of seconds between attempts to reestablish a dropped session. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Reestablishment Interval* @@ -1009,11 +1171,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1022,6 +1184,13 @@ ADMX Info: Specifies the number of times to retry a dropped session. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Reestablishment Retries* @@ -1047,11 +1216,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1060,6 +1229,13 @@ ADMX Info: Specifies that streamed package contents will be not be saved to the local hard disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Shared Content Store (SCS) mode* @@ -1085,11 +1261,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1098,6 +1274,13 @@ ADMX Info: If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Support for BranchCache* @@ -1123,11 +1306,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1136,6 +1319,13 @@ ADMX Info: Verifies Server certificate revocation status before streaming using HTTPS. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Verify certificate revocation list* @@ -1161,11 +1351,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1174,6 +1364,13 @@ ADMX Info: Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Virtual Component Process Allow List* diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 16d1409a9a..5d23ee3459 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - AttachmentManager @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -54,6 +55,13 @@ If you disable this policy setting, Windows marks file attachments with their zo If you do not configure this policy setting, Windows marks file attachments with their zone information. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not preserve zone information in file attachments* @@ -79,11 +87,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -98,6 +106,13 @@ If you disable this policy setting, Windows shows the check box and Unblock butt If you do not configure this policy setting, Windows hides the check box and Unblock button. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Hide mechanisms to remove zone information* @@ -123,11 +138,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -142,6 +157,13 @@ If you disable this policy setting, Windows does not call the registered antivir If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Notify antivirus programs when opening attachments* diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index a3abf1e90d..d6e687ff2b 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Authentication diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 94426589fc..8d520d5bf1 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Autoplay @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, AutoPlay is not allowed for MTP devices like If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disallow Autoplay for non-volume devices* @@ -75,13 +83,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -103,6 +111,13 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set the default behavior for AutoRun* @@ -126,13 +141,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -155,6 +170,13 @@ If you disable or do not configure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Autoplay* diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index c4a361dbf8..d400b459dc 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Bitlocker diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index c4f2efa69b..36f22b68f0 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Bluetooth diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index ac21e5988b..1f89d48fa9 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Browser diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 052c9a0190..827c761526 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Camera diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 2eacb78000..099237a30b 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Cellular @@ -19,10 +20,40 @@ author: nickbrower ## Cellular policies -**Cellular/ShowAppCellularAccessUI** +**Cellular/ShowAppCellularAccessUI** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set Per-App Cellular Access UI Visibility* @@ -41,3 +72,21 @@ Footnote: + +## Cellular policies that can be set using Exchange Active Sync (EAS) + +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) + + + +## Cellular policies supported by IoT Core + +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) + + + +## Cellular policies supported by Microsoft Surface Hub + +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) + + diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 76654d609a..4e608da6c7 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Connectivity @@ -349,10 +350,40 @@ author: nickbrower -**Connectivity/DiablePrintingOverHTTP** +**Connectivity/DiablePrintingOverHTTP** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off printing over HTTP* @@ -362,10 +393,40 @@ ADMX Info: -**Connectivity/DisableDownloadingOfPrintDriversOverHTTP** +**Connectivity/DisableDownloadingOfPrintDriversOverHTTP** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off downloading of print drivers over HTTP* @@ -375,10 +436,40 @@ ADMX Info: -**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** +**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Internet download for Web publishing and online ordering wizards* @@ -404,11 +495,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -419,6 +510,13 @@ This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Hardened UNC Paths* @@ -428,10 +526,40 @@ ADMX Info: -**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** +**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* @@ -473,7 +601,11 @@ Footnote: - [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) - [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular) - [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular) +- [Connectivity/DiablePrintingOverHTTP](#connectivity-diableprintingoverhttp) +- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](#connectivity-disabledownloadingofprintdriversoverhttp) +- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths) +- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](#connectivity-prohibitinstallationandconfigurationofnetworkbridge) diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index cc99642fbc..66d1f6d390 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - CredentialProviders @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -56,6 +57,13 @@ Note: The user's domain password will be cached in the system vault when using t To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on convenience PIN sign-in* @@ -81,11 +89,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -100,6 +108,13 @@ If you disable or don't configure this policy setting, a domain user can set up Note that the user's domain password will be cached in the system vault when using this feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off picture password sign-in* diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index e51c7be1c8..c99d68a5fe 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - CredentialsUI @@ -34,10 +35,10 @@ author: nickbrower cross mark - check mark3 - check mark3 - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -56,6 +57,13 @@ By default, the password reveal button is displayed after a user types a passwor The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not display the password reveal button* @@ -80,10 +88,10 @@ ADMX Info: cross mark - check mark3 - check mark3 - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -98,6 +106,13 @@ If you enable this policy setting, all local administrator accounts on the PC wi If you disable this policy setting, users will always be required to type a user name and password to elevate. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enumerate administrator accounts on elevation* diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index b010cfdbb9..28837af17c 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Cryptography diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 418361ef03..e520e4612f 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DataProtection diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 54687bcb5c..decc54ee81 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DataUsage @@ -33,9 +34,9 @@ author: nickbrower Mobile Enterprise + cross mark check mark check mark - check mark check mark cross mark @@ -58,6 +59,13 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set 3G Cost* @@ -81,9 +89,9 @@ ADMX Info: Mobile Enterprise + cross mark check mark check mark - check mark check mark cross mark @@ -106,6 +114,13 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set 4G Cost* diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 9fdbbe8095..d694a6c0f7 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Defender diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index bcd687b62f..830147907b 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeliveryOptimization diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 1a2b0575d1..2a09f78ddf 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Desktop @@ -34,10 +35,10 @@ author: nickbrower cross mark - check mark1 - - check mark1 - check mark1 + check mark + check mark + check mark + check mark cross mark cross mark @@ -52,6 +53,13 @@ By default, a user can change the location of their individual profile folders l If you enable this setting, users are unable to type a new location in the Target box. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prohibit User from manually redirecting Profile Folders* diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index a33fac0efa..f104ff82b3 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeviceGuard @@ -142,6 +143,6 @@ Footnote: ## DeviceGuard policies supported by Microsoft Surface Hub -- [DeviceGuard/AllowKernelControlFlowGuard](#None) +- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard) diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 6fe4218008..4f4b4d25d5 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeviceInstallation @@ -34,10 +35,10 @@ author: nickbrower cross mark - cross mark - cross mark - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, Windows is prevented from installing a device If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent installation of devices that match any of these device IDs* @@ -76,10 +84,10 @@ ADMX Info: cross mark - cross mark - cross mark - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -94,6 +102,13 @@ If you enable this policy setting, Windows is prevented from installing or updat If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent installation of devices using drivers that match these device setup classes* diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 6aedca4af1..8ac0f11942 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeviceLock @@ -738,13 +739,13 @@ The number of authentication failures allowed before the device will be wiped. A Mobile Enterprise - check mark - check mark - + cross mark check mark check mark check mark check mark + cross mark + cross mark @@ -757,6 +758,13 @@ By default, users can enable a slide show that will run after they lock the mach If you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent enabling lock screen slide show* diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 142be5ef59..c10d926963 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Display diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 76c623cf52..6a10e6f365 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - EnterpriseCloudPrint diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 9420ab52aa..800c8ac975 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ErrorReporting @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -62,6 +63,13 @@ If you enable this policy setting, you can add specific event types to a list by If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Customize consent settings* @@ -86,12 +94,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -104,6 +112,13 @@ If you enable this policy setting, Windows Error Reporting does not send any pro If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable Windows Error Reporting* @@ -128,12 +143,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -150,6 +165,13 @@ If you do not configure this policy setting, users can change this setting in Co See also the Configure Error Reporting policy setting. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Display Error Notification* @@ -174,12 +196,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -192,6 +214,13 @@ If you enable this policy setting, any additional data requests from Microsoft i If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not send additional data* @@ -216,12 +245,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -234,6 +263,13 @@ If you enable this policy setting, Windows Error Reporting does not display any If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent display of the user interface for critical errors* diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index a7d3d8bcf3..a1f5c9527e 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - EventLogService @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -54,6 +55,13 @@ If you disable or do not configure this policy setting and a log file reaches it Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Control Event Log behavior when the log file reaches its maximum size* @@ -78,12 +86,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -96,6 +104,13 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the maximum log file size (KB)* @@ -120,12 +135,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -138,6 +153,13 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the maximum log file size (KB)* @@ -162,12 +184,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -180,6 +202,13 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the maximum log file size (KB)* diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index d0a5edf221..80029f2e95 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Experience diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 65d798cab5..2ee49e217d 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Games diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 096bb1b61b..b5377f7a59 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/16/2017 --- # Policy CSP - InternetExplorer @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, the user can add and remove search providers, If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Add a specific list of search providers to the user's list of search providers* @@ -75,13 +83,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -94,6 +102,13 @@ If you enable this policy setting, ActiveX Filtering is enabled by default for t If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on ActiveX Filtering* @@ -117,13 +132,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -142,6 +157,13 @@ Value - A number indicating whether Internet Explorer should deny or allow the a If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Add-on List* @@ -151,10 +173,40 @@ ADMX Info: -**InternetExplorer/AllowAutoComplete** +**InternetExplorer/AllowAutoComplete** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on the auto-complete feature for user names and passwords on forms* @@ -164,10 +216,40 @@ ADMX Info: -**InternetExplorer/AllowCertificateAddressMismatchWarning** +**InternetExplorer/AllowCertificateAddressMismatchWarning** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on certificate address mismatch warning* @@ -177,10 +259,40 @@ ADMX Info: -**InternetExplorer/AllowDeletingBrowsingHistoryOnExit** +**InternetExplorer/AllowDeletingBrowsingHistoryOnExit** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow deleting browsing history on exit* @@ -204,13 +316,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -225,6 +337,13 @@ If you disable this policy setting, Enhanced Protected Mode will be turned off. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Enhanced Protected Mode* @@ -248,13 +367,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -267,6 +386,13 @@ If you turn this setting on, users can see and use the Enterprise Mode option fr If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Let users turn on and use Enterprise Mode from the Tools menu* @@ -290,13 +416,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -309,6 +435,13 @@ If you enable this policy setting, Internet Explorer downloads the website list If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use the Enterprise Mode IE website list* @@ -318,10 +451,40 @@ ADMX Info: -**InternetExplorer/AllowFallbackToSSL3** +**InternetExplorer/AllowFallbackToSSL3** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)* @@ -345,13 +508,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -364,6 +527,13 @@ If you enable this policy setting, the user can add and remove sites from the li If you disable or do not configure this policy setting, the user can add and remove sites from the list. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use Policy List of Internet Explorer 7 sites* @@ -387,13 +557,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -408,6 +578,13 @@ If you disable this policy setting, Internet Explorer uses an Internet Explorer If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Internet Explorer Standards Mode for local intranet* @@ -431,13 +608,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -456,6 +633,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Zone Template* @@ -479,13 +663,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -504,6 +688,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Intranet Zone Template* @@ -527,13 +718,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -552,6 +743,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Local Machine Zone Template* @@ -575,13 +773,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -600,6 +798,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Internet Zone Template* @@ -623,13 +828,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -648,6 +853,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Intranet Zone Template* @@ -671,13 +883,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -696,6 +908,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Local Machine Zone Template* @@ -719,13 +938,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -744,6 +963,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Restricted Sites Zone Template* @@ -767,13 +993,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -786,6 +1012,13 @@ If you enable this policy setting, Internet Explorer goes directly to an intrane If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Go to an intranet site for a one-word entry in the Address bar* @@ -809,13 +1042,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -834,6 +1067,13 @@ Value - A number indicating the zone with which this site should be associated f If you disable or do not configure this policy, users may choose their own site-to-zone assignments. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Site to Zone Assignment List* @@ -843,10 +1083,40 @@ ADMX Info: -**InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** +**InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow software to run or install even if the signature is invalid* @@ -870,13 +1140,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -891,6 +1161,13 @@ If you disable this policy setting, the entry points and functionality associate If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Suggested Sites* @@ -914,13 +1191,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -939,6 +1216,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Trusted Sites Zone Template* @@ -962,13 +1246,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -987,6 +1271,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Trusted Sites Zone Template* @@ -1010,13 +1301,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1035,6 +1326,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Restricted Sites Zone Template* @@ -1044,10 +1342,40 @@ ADMX Info: -**InternetExplorer/CheckServerCertificateRevocation** +**InternetExplorer/CheckServerCertificateRevocation** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Check for server certificate revocation* @@ -1057,10 +1385,40 @@ ADMX Info: -**InternetExplorer/CheckSignaturesOnDownloadedPrograms** +**InternetExplorer/CheckSignaturesOnDownloadedPrograms** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Check for signatures on downloaded programs* @@ -1070,10 +1428,40 @@ ADMX Info: -**InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** +**InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -1097,13 +1485,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1118,6 +1506,13 @@ If you disable, or do not configure this policy setting, Flash is turned on for Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* @@ -1127,10 +1522,40 @@ ADMX Info: -**InternetExplorer/DisableBlockingOfOutdatedActiveXControls** +**InternetExplorer/DisableBlockingOfOutdatedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* @@ -1154,13 +1579,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1173,6 +1598,13 @@ If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent bypassing SmartScreen Filter warnings* @@ -1196,13 +1628,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1215,6 +1647,13 @@ If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* @@ -1224,10 +1663,40 @@ ADMX Info: -**InternetExplorer/DisableConfiguringHistory** +**InternetExplorer/DisableConfiguringHistory** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable "Configuring History"* @@ -1237,10 +1706,40 @@ ADMX Info: -**InternetExplorer/DisableCrashDetection** +**InternetExplorer/DisableCrashDetection** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Crash Detection* @@ -1264,13 +1763,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1285,6 +1784,13 @@ If you disable this policy setting, the user must participate in the CEIP, and t If you do not configure this policy setting, the user can choose to participate in the CEIP. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent participation in the Customer Experience Improvement Program* @@ -1294,10 +1800,40 @@ ADMX Info: -**InternetExplorer/DisableDeletingUserVisitedWebsites** +**InternetExplorer/DisableDeletingUserVisitedWebsites** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent deleting websites that the user has visited* @@ -1321,13 +1857,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1340,6 +1876,13 @@ If you enable this policy setting, the user cannot set the Feed Sync Engine to d If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent downloading of enclosures* @@ -1363,13 +1906,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1384,6 +1927,13 @@ If you disable or do not configure this policy setting, the user can select whic Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off encryption support* @@ -1407,13 +1957,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1430,6 +1980,13 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent running First Run wizard* @@ -1453,13 +2010,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1476,6 +2033,13 @@ If you disable this policy setting, flip ahead with page prediction is turned on If you don't configure this setting, users can turn this behavior on or off, using the Settings charm. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the flip ahead with page prediction feature* @@ -1499,13 +2063,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1518,6 +2082,13 @@ If you enable this policy setting, a user cannot set a custom default home page. If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable changing home page settings* @@ -1527,10 +2098,40 @@ ADMX Info: -**InternetExplorer/DisableIgnoringCertificateErrors** +**InternetExplorer/DisableIgnoringCertificateErrors** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent ignoring certificate errors* @@ -1540,10 +2141,40 @@ ADMX Info: -**InternetExplorer/DisableInPrivateBrowsing** +**InternetExplorer/DisableInPrivateBrowsing** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off InPrivate Browsing* @@ -1553,10 +2184,40 @@ ADMX Info: -**InternetExplorer/DisableProcessesInEnhancedProtectedMode** +**InternetExplorer/DisableProcessesInEnhancedProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* @@ -1580,13 +2241,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1599,6 +2260,13 @@ If you enable this policy setting, the user will not be able to configure proxy If you disable or do not configure this policy setting, the user can configure proxy settings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent changing proxy settings* @@ -1622,13 +2290,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1641,6 +2309,13 @@ If you enable this policy setting, the user cannot change the default search pro If you disable or do not configure this policy setting, the user can change the default search provider. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent changing the default search provider* @@ -1664,13 +2339,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1685,6 +2360,13 @@ If you disable or do not configure this policy setting, the user can add seconda Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable changing secondary home page settings* @@ -1694,10 +2376,40 @@ ADMX Info: -**InternetExplorer/DisableSecuritySettingsCheck** +**InternetExplorer/DisableSecuritySettingsCheck** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the Security Settings Check feature* @@ -1721,13 +2433,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1742,6 +2454,13 @@ If you disable this policy or do not configure it, Internet Explorer checks ever This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable Periodic Check for Internet Explorer software updates* @@ -1751,10 +2470,40 @@ ADMX Info: -**InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** +**InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* @@ -1778,13 +2527,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1803,6 +2552,13 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Ad Also, see the "Security zones: Use only machine settings" policy. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Security Zones: Do not allow users to add/delete sites* @@ -1826,13 +2582,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1851,6 +2607,13 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Adm Also, see the "Security zones: Use only machine settings" policy. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Security Zones: Do not allow users to change policies* @@ -1874,13 +2637,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1895,6 +2658,13 @@ If you disable or don't configure this policy setting, Internet Explorer continu For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* @@ -1918,13 +2688,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1943,6 +2713,13 @@ If you disable or don't configure this policy setting, the list is deleted and I For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* @@ -1966,13 +2743,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1987,6 +2764,13 @@ If you disable this policy setting, local sites which are not explicitly mapped If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* @@ -2010,13 +2794,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2031,6 +2815,13 @@ If you disable this policy setting, network paths are not necessarily mapped int If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Intranet Sites: Include all network paths (UNCs)* @@ -2054,13 +2845,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2075,6 +2866,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -2098,13 +2896,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2119,6 +2917,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -2142,13 +2947,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2161,6 +2966,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -2170,10 +2982,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowCopyPasteViaScript** +**InternetExplorer/InternetZoneAllowCopyPasteViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow cut, copy or paste operations from the clipboard via script* @@ -2183,10 +3025,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** +**InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow drag and drop or copy and paste files* @@ -2210,13 +3082,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2231,6 +3103,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -2254,13 +3133,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2275,6 +3154,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -2284,10 +3170,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG** +**InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow loading of XAML files* @@ -2311,13 +3227,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2332,6 +3248,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -2341,49 +3264,169 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** +**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use ActiveX controls without prompt* -- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet* +- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** +**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use the TDC ActiveX control* -- GP name: *IZ_PolicyAllowTDCControl_Both_LocalMachine* +- GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneAllowScriptInitiatedWindows** +**InternetExplorer/InternetZoneAllowScriptInitiatedWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow script-initiated windows without size or position constraints* -- GP name: *IZ_PolicyWindowsRestrictionsURLaction_6* +- GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** +**InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scripting of Internet Explorer WebBrowser controls* @@ -2407,13 +3450,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2428,6 +3471,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -2451,13 +3501,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2474,6 +3524,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -2483,10 +3540,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** +**InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow updates to status bar via script* @@ -2510,13 +3597,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2531,6 +3618,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -2540,10 +3634,40 @@ ADMX Info: -**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1** +**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* @@ -2553,36 +3677,83 @@ ADMX Info: -**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2** +**InternetExplorer/InternetZoneDownloadSignedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + - -ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* -- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* -- GP ADMX file name: *inetres.admx* +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - - - -**InternetExplorer/InternetZoneDownloadSignedActiveXControls** +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Download signed ActiveX controls* -- GP name: *IZ_PolicyDownloadSignedActiveX_3* +- GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** +**InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Download unsigned ActiveX controls* @@ -2592,23 +3763,83 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** +**InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Cross-Site Scripting Filter* -- GP name: *IZ_PolicyTurnOnXSSFilter_Both_LocalMachine* +- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** +**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains across windows* @@ -2618,10 +3849,40 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** +**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains within a window* @@ -2631,10 +3892,40 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableMIMESniffing** +**InternetExplorer/InternetZoneEnableMIMESniffing** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable MIME Sniffing* @@ -2644,23 +3935,83 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableProtectedMode** +**InternetExplorer/InternetZoneEnableProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Protected Mode* -- GP name: *IZ_Policy_TurnOnProtectedMode_2* +- GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** +**InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Include local path when user is uploading files to a server* @@ -2684,13 +4035,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2707,6 +4058,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -2716,23 +4074,69 @@ ADMX Info: -**InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** +**InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + - -ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* -- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* -- GP ADMX file name: *inetres.admx* - - -**InternetExplorer/InternetZoneJavaPermissionsWRONG1** +**InternetExplorer/InternetZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -2742,23 +4146,40 @@ ADMX Info: -**InternetExplorer/InternetZoneJavaPermissionsWRONG2** +**InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + - -ADMX Info: -- GP english name: *Java permissions* -- GP name: *IZ_PolicyJavaPermissions_3* -- GP ADMX file name: *inetres.admx* +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - - - -**InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Launching applications and files in an IFRAME* @@ -2768,10 +4189,40 @@ ADMX Info: -**InternetExplorer/InternetZoneLogonOptions** +**InternetExplorer/InternetZoneLogonOptions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Logon options* @@ -2795,13 +4246,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2816,6 +4267,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -2825,10 +4283,40 @@ ADMX Info: -**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode** +**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -2838,10 +4326,40 @@ ADMX Info: -**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** +**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components signed with Authenticode* @@ -2851,10 +4369,40 @@ ADMX Info: -**InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** +**InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Show security warning for potentially unsafe files* @@ -2864,10 +4412,40 @@ ADMX Info: -**InternetExplorer/InternetZoneUsePopupBlocker** +**InternetExplorer/InternetZoneUsePopupBlocker** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use Pop-up Blocker* @@ -2877,10 +4455,40 @@ ADMX Info: -**InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone** +**InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -2904,13 +4512,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2925,6 +4533,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -2948,13 +4563,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2969,6 +4584,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -2992,13 +4614,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3011,6 +4633,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -3034,13 +4663,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3055,6 +4684,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -3078,13 +4714,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3099,6 +4735,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -3122,13 +4765,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3143,6 +4786,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -3166,13 +4816,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3187,6 +4837,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -3210,13 +4867,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3233,6 +4890,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -3256,13 +4920,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3277,12 +4941,62 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP ADMX file name: *inetres.admx* + + + +**InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* +- GP ADMX file name: *inetres.admx* + @@ -3300,13 +5014,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3323,12 +5037,105 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP ADMX file name: *inetres.admx* + + + +**InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/IntranetZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Java permissions* +- GP name: *IZ_PolicyJavaPermissions_3* +- GP ADMX file name: *inetres.admx* + @@ -3346,13 +5153,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3367,6 +5174,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -3390,13 +5204,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3411,6 +5225,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -3434,13 +5255,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3455,6 +5276,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -3478,13 +5306,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3497,6 +5325,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -3520,13 +5355,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3541,6 +5376,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -3564,13 +5406,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3585,6 +5427,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -3608,13 +5457,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3629,6 +5478,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -3652,13 +5508,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3673,6 +5529,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -3696,13 +5559,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3719,6 +5582,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -3742,13 +5612,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3763,6 +5633,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -3772,10 +5649,40 @@ ADMX Info: -**InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* @@ -3799,13 +5706,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3822,6 +5729,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -3831,10 +5745,40 @@ ADMX Info: -**InternetExplorer/LocalMachineZoneJavaPermissions** +**InternetExplorer/LocalMachineZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -3858,13 +5802,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3879,6 +5823,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -3902,13 +5853,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3923,6 +5874,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -3946,13 +5904,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3967,6 +5925,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -3990,13 +5955,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4009,6 +5974,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -4032,13 +6004,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4053,6 +6025,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -4076,13 +6055,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4097,6 +6076,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -4120,13 +6106,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4141,6 +6127,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -4164,13 +6157,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4185,6 +6178,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -4208,13 +6208,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4231,6 +6231,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -4254,13 +6261,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4275,6 +6282,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -4298,13 +6312,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4321,6 +6335,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -4330,10 +6351,40 @@ ADMX Info: -**InternetExplorer/LockedDownInternetZoneJavaPermissions** +**InternetExplorer/LockedDownInternetZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -4357,13 +6408,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4378,6 +6429,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -4401,13 +6459,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4422,6 +6480,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -4445,13 +6510,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4466,6 +6531,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -4489,13 +6561,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4508,6 +6580,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -4531,13 +6610,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4552,6 +6631,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -4575,13 +6661,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4596,6 +6682,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -4619,13 +6712,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4640,6 +6733,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -4663,13 +6763,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4684,6 +6784,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -4707,13 +6814,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4730,6 +6837,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -4753,13 +6867,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4774,6 +6888,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -4797,13 +6918,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4820,6 +6941,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -4843,13 +6971,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4864,6 +6992,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -4887,13 +7022,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4908,6 +7043,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -4931,13 +7073,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4952,6 +7094,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -4975,13 +7124,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4994,6 +7143,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -5017,13 +7173,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5038,6 +7194,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -5061,13 +7224,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5082,6 +7245,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -5105,13 +7275,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5126,6 +7296,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -5149,13 +7326,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5170,6 +7347,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -5193,13 +7377,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5216,6 +7400,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -5239,13 +7430,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5260,6 +7451,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -5283,13 +7481,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5306,6 +7504,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -5315,10 +7520,40 @@ ADMX Info: -**InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** +**InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -5342,13 +7577,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5363,6 +7598,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -5386,13 +7628,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5407,6 +7649,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -5430,13 +7679,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5451,6 +7700,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -5474,13 +7730,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5493,6 +7749,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -5516,13 +7779,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5537,6 +7800,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -5560,13 +7830,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5581,6 +7851,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -5604,13 +7881,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5625,6 +7902,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -5648,13 +7932,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5669,6 +7953,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -5692,13 +7983,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5715,6 +8006,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -5738,13 +8036,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5759,6 +8057,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -5782,13 +8087,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5805,6 +8110,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -5814,10 +8126,40 @@ ADMX Info: -**InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** +**InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -5841,13 +8183,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5862,6 +8204,13 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -5885,13 +8234,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5906,6 +8255,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -5929,13 +8285,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5950,6 +8306,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -5973,13 +8336,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5992,6 +8355,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -6015,13 +8385,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6036,6 +8406,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -6059,13 +8436,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6080,6 +8457,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -6103,13 +8487,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6124,6 +8508,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -6147,13 +8538,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6168,6 +8559,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -6191,13 +8589,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6214,6 +8612,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -6237,13 +8642,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6258,6 +8663,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -6281,13 +8693,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6304,6 +8716,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -6313,10 +8732,40 @@ ADMX Info: -**InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** +**InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -6340,13 +8789,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6361,6 +8810,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -6370,10 +8826,40 @@ ADMX Info: -**InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** +**InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -6383,10 +8869,40 @@ ADMX Info: -**InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** +**InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -6396,10 +8912,40 @@ ADMX Info: -**InternetExplorer/NotificationBarInternetExplorerProcesses** +**InternetExplorer/NotificationBarInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -6409,23 +8955,83 @@ ADMX Info: -**InternetExplorer/PreventManagingSmartScreenFilter** +**InternetExplorer/PreventManagingSmartScreenFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: -- GP english name: *Download signed ActiveX controls* -- GP name: *IZ_PolicyDownloadSignedActiveX_1* +- GP english name: *Prevent managing SmartScreen Filter* +- GP name: *Disable_Managing_Safety_Filter_IE9* - GP ADMX file name: *inetres.admx* -**InternetExplorer/PreventPerUserInstallationOfActiveXControls** +**InternetExplorer/PreventPerUserInstallationOfActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent per-user installation of ActiveX controls* @@ -6435,10 +9041,40 @@ ADMX Info: -**InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** +**InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -6448,10 +9084,40 @@ ADMX Info: -**InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** +**InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * @@ -6461,10 +9127,40 @@ ADMX Info: -**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** +**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -6474,10 +9170,40 @@ ADMX Info: -**InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** +**InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -6501,13 +9227,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6522,6 +9248,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -6531,14 +9264,44 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowActiveScripting** +**InternetExplorer/RestrictedSitesZoneAllowActiveScripting** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow active scripting* -- GP name: *IZ_PolicyActiveScripting_1* +- GP name: *IZ_PolicyActiveScripting_7* - GP ADMX file name: *inetres.admx* @@ -6558,13 +9321,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6579,6 +9342,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -6602,13 +9372,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6621,6 +9391,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -6630,23 +9407,83 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** +**InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow binary and script behaviors* -- GP name: *IZ_PolicyBinaryBehaviors_1* +- GP name: *IZ_PolicyBinaryBehaviors_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** +**InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow cut, copy or paste operations from the clipboard via script* @@ -6656,10 +9493,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** +**InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow drag and drop or copy and paste files* @@ -6669,14 +9536,44 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowFileDownloads** +**InternetExplorer/RestrictedSitesZoneAllowFileDownloads** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow file downloads* -- GP name: *IZ_PolicyFileDownload_1* +- GP name: *IZ_PolicyFileDownload_7* - GP ADMX file name: *inetres.admx* @@ -6696,13 +9593,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6717,31 +9614,19 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - - -**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1** +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* - GP ADMX file name: *inetres.admx* - - - -**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2** - - - - -ADMX Info: -- GP english name: *Allow font downloads* -- GP name: *IZ_PolicyFontDownload_1* -- GP ADMX file name: *inetres.admx* - @@ -6759,13 +9644,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6780,6 +9665,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -6789,10 +9681,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** +**InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow loading of XAML files* @@ -6802,14 +9724,44 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** +**InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow META REFRESH* -- GP name: *IZ_PolicyAllowMETAREFRESH_1* +- GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP ADMX file name: *inetres.admx* @@ -6829,13 +9781,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6850,6 +9802,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -6859,10 +9818,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** +**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use ActiveX controls without prompt* @@ -6872,10 +9861,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** +**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use the TDC ActiveX control* @@ -6885,10 +9904,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** +**InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow script-initiated windows without size or position constraints* @@ -6898,10 +9947,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** +**InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scripting of Internet Explorer WebBrowser controls* @@ -6925,13 +10004,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6946,6 +10025,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -6969,13 +10055,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6992,6 +10078,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -7001,10 +10094,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** +**InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow updates to status bar via script* @@ -7028,13 +10151,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7049,6 +10172,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -7058,10 +10188,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* @@ -7071,10 +10231,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** +**InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Download signed ActiveX controls* @@ -7084,10 +10274,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** +**InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Download unsigned ActiveX controls* @@ -7097,10 +10317,83 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** +**InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Turn on Cross-Site Scripting Filter* +- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains across windows* @@ -7110,10 +10403,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** +**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains within a window* @@ -7123,10 +10446,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** +**InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable MIME Sniffing* @@ -7136,10 +10489,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** +**InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Include local path when user is uploading files to a server* @@ -7163,13 +10546,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7186,6 +10569,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -7195,10 +10585,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneJavaPermissions** +**InternetExplorer/RestrictedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -7208,10 +10628,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** +**InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Launching applications and files in an IFRAME* @@ -7221,10 +10671,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneLogonOptions** +**InternetExplorer/RestrictedSitesZoneLogonOptions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Logon options* @@ -7248,13 +10728,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7269,6 +10749,13 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -7278,36 +10765,126 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains** +**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* -- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* +- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** +**InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run ActiveX controls and plugins* -- GP name: *IZ_PolicyRunActiveXControls_1* +- GP name: *IZ_PolicyRunActiveXControls_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** +**InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components signed with Authenticode* @@ -7317,36 +10894,126 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** +**InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Script ActiveX controls marked safe for scripting* -- GP name: *IZ_PolicyScriptActiveXMarkedSafe_1* +- GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneWRONG** +**InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Scripting of Java applets* -- GP name: *IZ_PolicyScriptingOfJavaApplets_6* +- GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneWRONG2** +**InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Show security warning for potentially unsafe files* @@ -7356,10 +11023,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneWRONG3** +**InternetExplorer/RestrictedSitesZoneTurnOnCrossSiteScriptingFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Cross-Site Scripting Filter* @@ -7369,10 +11066,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneWRONG4** +**InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Protected Mode* @@ -7382,10 +11109,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneWRONG5** +**InternetExplorer/RestrictedSitesZoneUsePopupBlocker** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use Pop-up Blocker* @@ -7395,10 +11152,40 @@ ADMX Info: -**InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** +**InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -7422,13 +11209,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7441,6 +11228,13 @@ If you enable this policy setting, the user cannot configure the list of search If you disable or do not configure this policy setting, the user can configure his or her list of search providers. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Restrict search providers to a specific list* @@ -7450,10 +11244,40 @@ ADMX Info: -**InternetExplorer/SecurityZonesUseOnlyMachineSettings** +**InternetExplorer/SecurityZonesUseOnlyMachineSettings** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Security Zones: Use only machine settings * @@ -7463,10 +11287,40 @@ ADMX Info: -**InternetExplorer/SpecifyUseOfActiveXInstallerService** +**InternetExplorer/SpecifyUseOfActiveXInstallerService** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* @@ -7490,13 +11344,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7511,6 +11365,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -7534,13 +11395,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7555,6 +11416,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -7578,13 +11446,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7597,6 +11465,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -7620,13 +11495,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7641,6 +11516,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -7664,13 +11546,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7685,6 +11567,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -7708,13 +11597,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7729,6 +11618,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -7752,13 +11648,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7773,6 +11669,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -7796,13 +11699,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7819,6 +11722,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -7842,13 +11752,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7863,12 +11773,105 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP ADMX file name: *inetres.admx* + + + +**InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* +- GP ADMX file name: *inetres.admx* + @@ -7886,13 +11889,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7909,6 +11912,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -7918,10 +11928,126 @@ ADMX Info: -**InternetExplorer/TrustedSitesZoneJavaPermissions** +**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/TrustedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -7945,13 +12071,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7966,38 +12092,19 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* - GP ADMX file name: *inetres.admx* - - - -**InternetExplorer/TrustedSitesZoneWRONG1** - - - - -ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* -- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* -- GP ADMX file name: *inetres.admx* - - - - -**InternetExplorer/TrustedSitesZoneWRONG2** - - - - -ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* -- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* -- GP ADMX file name: *inetres.admx* -
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index a8fbdb51d5..801ebc1f70 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Kerberos @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, the Kerberos client searches the forests in t If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use forest search order* @@ -75,13 +83,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -93,6 +101,13 @@ If you enable this policy setting, the client computers will request claims, pro If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring* @@ -116,13 +131,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -139,6 +154,13 @@ Note: The Kerberos Group Policy "Kerberos client support for claims, compound au If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Fail authentication requests when Kerberos armoring is not available* @@ -162,13 +184,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -181,6 +203,13 @@ If you enable this policy setting, the Kerberos client requires that the KDC's X If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require strict KDC validation* @@ -204,13 +233,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -227,6 +256,13 @@ If you disable or do not configure this policy setting, the Kerberos client or s Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set maximum Kerberos SSPI context token buffer size* diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 8c80b8d3a3..192795ada2 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Licensing diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index f645587446..ba133e1921 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Location diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 25dc0413fe..a98d78e52b 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - LockDown diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 71023a8d83..27d44175e4 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Maps diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 0cb1012fa9..e0c705d31b 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Messaging diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 8c7f783b3c..0d59b01e1b 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - NetworkIsolation diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 1ba72d35a8..fa41ee2efb 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Notifications diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index b0b74a08f2..f3bb408651 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Power @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable or do not configure this policy setting, Windows uses standby stat If you disable this policy setting, standby states (S1-S3) are not allowed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)* @@ -76,12 +84,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -96,6 +104,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the display (on battery)* @@ -120,12 +135,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -140,6 +155,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the display (plugged in)* @@ -164,12 +186,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -185,6 +207,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system hibernate timeout (on battery)* @@ -209,12 +238,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -229,6 +258,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system hibernate timeout (plugged in)* @@ -253,12 +289,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -271,6 +307,13 @@ If you enable or do not configure this policy setting, the user is prompted for If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require a password when a computer wakes (on battery)* @@ -295,12 +338,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -313,6 +356,13 @@ If you enable or do not configure this policy setting, the user is prompted for If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require a password when a computer wakes (plugged in)* @@ -337,12 +387,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -357,6 +407,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system sleep timeout (on battery)* @@ -381,12 +438,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -401,6 +458,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system sleep timeout (plugged in)* diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index ac4e6f725f..2fd40ada12 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Printers @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -65,6 +66,13 @@ If you disable this policy setting: -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Point and Print Restrictions* @@ -74,7 +82,7 @@ ADMX Info: -**Printers/PointAndPrintRestrictions_User** +**Printers/PointAndPrintRestrictions_User** @@ -89,12 +97,12 @@ ADMX Info: - - - - - - + + + + + +
cross markcheck mark1check mark1check mark1check mark1check mark1check markcheck markcheck markcheck markcross markcross mark
@@ -120,6 +128,13 @@ If you disable this policy setting: -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Point and Print Restrictions* @@ -144,12 +159,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -164,6 +179,13 @@ If you disable this setting, this computer's shared printers cannot be published Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory". +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow printers to be published* diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 6436a76202..64b43c3fd9 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Privacy diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index bae354870c..0f082798fe 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteAssistance @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -58,6 +59,13 @@ If you disable this policy setting, the user sees the default warning message. If you do not configure this policy setting, the user sees the default warning message. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Customize warning messages* @@ -81,13 +89,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -102,6 +110,13 @@ If you disable this policy setting, log files are not generated. If you do not configure this setting, application-based settings are used. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on session logging* @@ -125,13 +140,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -154,6 +169,13 @@ The "Select the method for sending email invitations" setting specifies which em If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Configure Solicited Remote Assistance* @@ -177,13 +199,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -229,6 +251,13 @@ Port 135:TCP Allow Remote Desktop Exception +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Configure Offer Remote Assistance* diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index c73c7a4093..57e8b93015 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteDesktopServices @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -58,6 +59,13 @@ Note: You can limit which clients are able to connect remotely by using Remote D You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow users to connect remotely by using Remote Desktop Services* @@ -81,13 +89,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -110,6 +118,13 @@ Important FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set client connection encryption level* @@ -133,13 +148,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -156,6 +171,13 @@ If you disable this policy setting, client drive redirection is always allowed. If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow drive redirection* @@ -179,13 +201,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -198,6 +220,13 @@ If you enable this setting the password saving checkbox in Remote Desktop Connec If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow passwords to be saved* @@ -221,13 +250,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -246,6 +275,13 @@ If you disable this policy setting, users can always log on to Remote Desktop Se If you do not configure this policy setting, automatic logon is not specified at the Group Policy level. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Always prompt for password upon connection* @@ -269,13 +305,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -294,6 +330,13 @@ If the status is set to Not Configured, unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require secure RPC communication* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 4c0d02a0fb..2bb1892add 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteManagement @@ -19,10 +20,40 @@ author: nickbrower ## RemoteManagement policies -**RemoteManagement/AllowBasicAuthentication_Client** +**RemoteManagement/AllowBasicAuthentication_Client** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow Basic authentication* @@ -32,10 +63,40 @@ ADMX Info: -**RemoteManagement/AllowBasicAuthentication_Service** +**RemoteManagement/AllowBasicAuthentication_Service** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow Basic authentication* @@ -45,23 +106,40 @@ ADMX Info: -**RemoteManagement/AllowCredSSPAuthenticationClient** +**RemoteManagement/AllowCredSSPAuthenticationClient** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + - -ADMX Info: -- GP english name: *Allow CredSSP authentication* -- GP name: *AllowCredSSP_1* -- GP ADMX file name: *WindowsRemoteManagement.admx* +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - - - -**RemoteManagement/AllowCredSSPAuthenticationService** +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Allow CredSSP authentication* @@ -71,10 +149,83 @@ ADMX Info: -**RemoteManagement/AllowRemoteServerManagement** +**RemoteManagement/AllowCredSSPAuthenticationService** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Allow CredSSP authentication* +- GP name: *AllowCredSSP_1* +- GP ADMX file name: *WindowsRemoteManagement.admx* + + + + +**RemoteManagement/AllowRemoteServerManagement** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow remote server management through WinRM* @@ -84,10 +235,40 @@ ADMX Info: -**RemoteManagement/AllowUnencryptedTraffic_Client** +**RemoteManagement/AllowUnencryptedTraffic_Client** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow unencrypted traffic* @@ -97,10 +278,40 @@ ADMX Info: -**RemoteManagement/AllowUnencryptedTraffic_Service** +**RemoteManagement/AllowUnencryptedTraffic_Service** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow unencrypted traffic* @@ -110,10 +321,40 @@ ADMX Info: -**RemoteManagement/DisallowDigestAuthentication** +**RemoteManagement/DisallowDigestAuthentication** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disallow Digest authentication* @@ -123,23 +364,40 @@ ADMX Info: -**RemoteManagement/DisallowNegotiateAuthenticationClient** +**RemoteManagement/DisallowNegotiateAuthenticationClient** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + - -ADMX Info: -- GP english name: *Disallow Negotiate authentication* -- GP name: *DisallowNegotiate_1* -- GP ADMX file name: *WindowsRemoteManagement.admx* +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - - - -**RemoteManagement/DisallowNegotiateAuthenticationService** +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Disallow Negotiate authentication* @@ -149,10 +407,83 @@ ADMX Info: -**RemoteManagement/DisallowStoringOfRunAsCredentials** +**RemoteManagement/DisallowNegotiateAuthenticationService** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Disallow Negotiate authentication* +- GP name: *DisallowNegotiate_1* +- GP ADMX file name: *WindowsRemoteManagement.admx* + + + + +**RemoteManagement/DisallowStoringOfRunAsCredentials** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disallow WinRM from storing RunAs credentials* @@ -162,10 +493,40 @@ ADMX Info: -**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** +**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify channel binding token hardening level* @@ -175,10 +536,40 @@ ADMX Info: -**RemoteManagement/TrustedHosts** +**RemoteManagement/TrustedHosts** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Trusted Hosts* @@ -188,10 +579,40 @@ ADMX Info: -**RemoteManagement/TurnOnCompatibilityHTTPListener** +**RemoteManagement/TurnOnCompatibilityHTTPListener** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn On Compatibility HTTP Listener* @@ -201,10 +622,40 @@ ADMX Info: -**RemoteManagement/TurnOnCompatibilityHTTPSListener** +**RemoteManagement/TurnOnCompatibilityHTTPSListener** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn On Compatibility HTTPS Listener* diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 56389b3ae7..79559fed08 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteProcedureCall @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -56,6 +57,13 @@ If you do not configure this policy setting, it remains disabled. RPC clients w Note: This policy will not be applied until the system is rebooted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable RPC Endpoint Mapper Client Authentication* @@ -79,13 +87,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -110,6 +118,13 @@ If you enable this policy setting, it directs the RPC server runtime to restrict Note: This policy setting will not be applied until the system is rebooted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Restrict Unauthenticated RPC clients* diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 08ec87e539..becd1b6df2 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteShell @@ -19,10 +20,40 @@ author: nickbrower ## RemoteShell policies -**RemoteShell/AllowRemoteShellAccess** +**RemoteShell/AllowRemoteShellAccess** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow Remote Shell Access* @@ -32,10 +63,40 @@ ADMX Info: -**RemoteShell/MaxConcurrentUsers** +**RemoteShell/MaxConcurrentUsers** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *MaxConcurrentUsers* @@ -45,10 +106,40 @@ ADMX Info: -**RemoteShell/SpecifyIdleTimeout** +**RemoteShell/SpecifyIdleTimeout** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify idle Timeout* @@ -58,10 +149,40 @@ ADMX Info: -**RemoteShell/SpecifyMaxMemory** +**RemoteShell/SpecifyMaxMemory** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify maximum amount of memory in MB per Shell* @@ -71,10 +192,40 @@ ADMX Info: -**RemoteShell/SpecifyMaxProcesses** +**RemoteShell/SpecifyMaxProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify maximum number of processes per Shell* @@ -84,10 +235,40 @@ ADMX Info: -**RemoteShell/SpecifyMaxRemoteShells** +**RemoteShell/SpecifyMaxRemoteShells** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify maximum number of remote shells per user* @@ -97,10 +278,40 @@ ADMX Info: -**RemoteShell/SpecifyShellTimeout** +**RemoteShell/SpecifyShellTimeout** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify Shell Timeout* diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 73badec791..b4338ee741 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Search diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index b9da338ad1..da65b16788 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Security diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index aac7fdd2e4..1f0609cf32 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Settings diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 968712f98d..f051f86853 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - SmartScreen diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index b67d1464b7..e19e02b135 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Speech diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 9c3c33dc73..294d709c46 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Start diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 7d305a13d9..6e7bf5238a 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Storage @@ -34,8 +35,8 @@ author: nickbrower cross mark - cross mark - + check mark + check mark check mark check mark cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, Windows will not activate unactivated Enhance If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow Windows to activate Enhanced Storage devices* diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index bfc21c114d..ac2270f86c 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - System @@ -419,11 +420,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -432,6 +433,13 @@ author: nickbrower N/A +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP name: *POL_DriverLoadPolicy_Name* @@ -505,10 +513,10 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark cross mark cross mark @@ -529,6 +537,13 @@ If you disable or do not configure this policy setting, users can perform System Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off System Restore* diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 3baa9bb071..a301e620e4 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - TextInput diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index c3bcd16106..5aa7ed1720 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - TimeLanguageSettings @@ -67,8 +68,8 @@ Footnote: ## TimeLanguageSettings policies supported by Microsoft Surface Hub -- [TimeLanguageSettings/Set24HourClock](#None) -- [TimeLanguageSettings/SetCountry](#None) -- [TimeLanguageSettings/SetLanguage](#None) +- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock) +- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry) +- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index eb5110a19b..3681d55d6f 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Update @@ -1110,7 +1111,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -**Update/PauseFeatureUpdatesStartTime** +**Update/PauseFeatureUpdatesStartTime** @@ -1182,7 +1183,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -**Update/PauseQualityUpdatesStartTime** +**Update/PauseQualityUpdatesStartTime**
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 61525f5b57..14181da459 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Wifi diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 7f6d64ab86..1562806a3e 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/06/2017 +ms.date: 07/14/2017 --- # Policy CSP - WindowsDefenderSecurityCenter @@ -31,7 +31,7 @@ ms.date: 07/06/2017 - + @@ -64,7 +64,7 @@ ms.date: 07/06/2017 - + @@ -100,7 +100,7 @@ ms.date: 07/06/2017 - + @@ -139,7 +139,7 @@ ms.date: 07/06/2017 - + @@ -175,7 +175,7 @@ ms.date: 07/06/2017 - + @@ -211,7 +211,7 @@ ms.date: 07/06/2017 - + @@ -247,7 +247,7 @@ ms.date: 07/06/2017 - + @@ -283,7 +283,7 @@ ms.date: 07/06/2017 - + @@ -319,7 +319,7 @@ ms.date: 07/06/2017 - + @@ -355,7 +355,7 @@ ms.date: 07/06/2017 - + @@ -372,7 +372,7 @@ ms.date: 07/06/2017

Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. -

Value type is string. Supported operations are Add, Get, Replace and Delete. +

Value type is string. Supported operations are Add, Get, Replace and Delete. @@ -388,7 +388,7 @@ ms.date: 07/06/2017

- + @@ -409,7 +409,6 @@ ms.date: 07/06/2017 - 0 - (Disable) Notifications contain a default notification text. - 1 - (Enable) Notifications contain the company name and contact options. - @@ -425,7 +424,7 @@ ms.date: 07/06/2017 - + @@ -461,7 +460,7 @@ ms.date: 07/06/2017 - + @@ -494,7 +493,7 @@ ms.date: 07/06/2017 - + @@ -511,7 +510,17 @@ ms.date: 07/06/2017

Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options. -

Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. +

Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. - \ No newline at end of file + +

+ +Footnote: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. + + + diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index edce18a72e..aea0a2de88 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - WindowsInkWorkspace diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 29b2de31e3..c0d3fb1bdc 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - WindowsLogon @@ -34,10 +35,10 @@ author: nickbrower - - - - + + + + @@ -52,6 +53,13 @@ If you enable this policy setting, no app notifications are displayed on the loc If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off app notifications on the lock screen* @@ -76,10 +84,10 @@ ADMX Info: - - - - + + + + @@ -94,6 +102,13 @@ If you enable this policy setting, the PC's network connectivity state cannot be If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not display network selection UI* diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index ab4b3cb9d6..535bc242b7 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - WirelessDisplay @@ -125,7 +126,7 @@ author: nickbrower -**WirelessDisplay/AllowProjectionToPCOverInfrastructure** +**WirelessDisplay/AllowProjectionToPCOverInfrastructure**
Enterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross mark Enterprise Education MobileMobileEnterpriseMobile Enterprise
cross mark Enterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross mark
cross markcheck mark1check mark1check mark1check markcheck markcheck markcheck mark cross mark cross mark
cross markcheck mark1check mark1check mark1check markcheck markcheck markcheck mark cross mark cross mark
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md index 0cdcbc76fc..7495ae7d3d 100644 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ b/windows/configuration/changes-to-start-policies-in-windows-10.md @@ -55,7 +55,7 @@ These policy settings are available in **Administrative Templates\\Start Menu an - + diff --git a/windows/configuration/stop-employees-from-using-the-windows-store.md b/windows/configuration/stop-employees-from-using-the-windows-store.md index 43f1bbb647..9674b6bb66 100644 --- a/windows/configuration/stop-employees-from-using-the-windows-store.md +++ b/windows/configuration/stop-employees-from-using-the-windows-store.md @@ -59,10 +59,10 @@ For more information on AppLocker, see [What is AppLocker?](/windows/device-secu ## Block Microsoft Store using Group Policy -Applies to: Windows 10 Enterprise, version 1511, Windows 10 Education +Applies to: Windows 10 Enterprise, Windows 10 Education > [!Note] -> Not supported on Windows 10 Pro. +> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](https://support.microsoft.com/kb/3135657). You can also use Group Policy to manage access to Microsoft Store. diff --git a/windows/deployment/index.md b/windows/deployment/index.md index 1705124e4a..5e0c465fb2 100644 --- a/windows/deployment/index.md +++ b/windows/deployment/index.md @@ -17,8 +17,8 @@ Learn about deployment in Windows 10 for IT professionals. This includes deploy |------|------------| |[What's new in Windows 10 deployment](deploy-whats-new.md) |See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. | |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. | -|[Windows 10 Enterprise E3 in CSP overview](deploy-whats-new.md) |Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. | -|[Resolve Windows 10 upgrade errors](windows-10-enterprise-e3-overview.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. | +|[Windows 10 Enterprise E3 in CSP overview](windows-10-enterprise-e3-overview.md) |Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. | +|[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. | ## Deploy Windows 10 diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 7df51a183e..a8c40c5f20 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -686,9 +686,13 @@ The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DAT
Prevent users from customizing their Start Screen

Use this policy in conjunction with [CopyProfile](https://go.microsoft.com/fwlink/p/?LinkId=623229) or other methods for configuring the layout of Start to prevent users from changing it

Use this policy in conjunction with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it
Prevent users from uninstalling applications from Start
Mitigation
-[Analyze log files](#analyze-log-files) in order to determine the files that are blocking data migration. +[Analyze log files](#analyze-log-files) in order to determine the files or registry entires that are blocking data migration. -Note: This error can occur if Active Directory integrated user accounts exist on the computer, but these accounts are no longer present in Active Directory. To repair this error, delete the invalid accounts from the **Users** directory on the local computer and restart the upgrade process. +This error can be due to a problem with user profiles. It can occur due to corrupt registry entries under **HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList** or invalid files in the **\\Users** directory. + +Note: If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory. + +To repair this error, ensure that deleted accounts are not still present in the Windows registry and that files under the \\Users directory are valid. Delete the invalid files or user profiles that are causing this error. The specific files and profiles that are causing the error will be recorded in the Windows setup log files.
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 7cd077d90a..0854ab026c 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -205,6 +205,10 @@ Topics and procedures in this guide are summarized in the following table. An es ## Download MDOP and install DaRT +>[!IMPORTANT] +>This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/). +>If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/). + 1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/en-us/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host. 2. Type the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1: diff --git a/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md index f08b02baf6..db72ab90ec 100644 --- a/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -13,7 +13,9 @@ author: Justinha **Applies to** - Windows 10 -This topic provides an overview of the ways that BitLocker and device encryption can help protect data on devices running Windows 10. For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). +This topic explains how BitLocker and device encryption can help protect data on devices running Windows 10. +For an architectural overview about how device encryption works with Secure Boot, see [Secure boot and device encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview). +For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives; in Windows 10, BitLocker will even protect individual files, with data loss prevention capabilities. Windows consistently improves data protection by improving existing options and by providing new strategies. diff --git a/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md index 3a9804aa1c..0e79244bb9 100644 --- a/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md +++ b/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md @@ -14,16 +14,6 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -This article describes the following: - -- [Hardware, firmware, and software requirements for Device Guard](#hardware-firmware-and-software-requirements-for-device-guard) - - [Device Guard requirements for baseline protections](#device-guard-requirements-for-baseline-protections) - - [Device Guard requirements for improved security](#device-guard-requirements-for-improved-security) -- [Device Guard deployment in different scenarios: types of devices](#device-guard-deployment-in-different-scenarios-types-of-devices) -- [Device Guard deployment in virtual machines](#device-guard-deployment-in-virtual-machines) -- [Reviewing your applications: application signing and catalog files](#reviewing-your-applications-application-signing-and-catalog-files) -- [Code integrity policy formats and signing](#code-integrity-policy-formats-and-signing) - The information in this article is intended for IT professionals, and provides a foundation for [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md). >**Note**  If you are an OEM, see the requirements information at [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx). @@ -45,53 +35,50 @@ The following tables provide more information about the hardware, firmware, and > • To understand the requirements in the following tables, you will need to be familiar with the main features in Device Guard: configurable code integrity policies, virtualization-based security (VBS), and Universal Extensible Firmware Interface (UEFI) Secure Boot. For information about these features, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
> • Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. -## Device Guard requirements for baseline protections +## Baseline protections -|Baseline Protections - requirement | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | -| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT).

**Security benefits**: VBS provides isolation of the secure kernel from the normal operating system. Vulnerabilities and zero-days in the normal operating system cannot be exploited because of this isolation. | -| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | -| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: **HVCI compatible drivers** | **Requirements**: See the Windows Hardware Compatibility Program requirements under [Filter.Driver.DeviceGuard.DriverCompatibility](https://msdn.microsoft.com/library/windows/hardware/mt589732(v=vs.85).aspx).

**Security benefits**: [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Device Guard. | +|Baseline Protections | Description | Security benefits | +|--------------------------------|----------------------------------------------------|-------------------| +| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | | +| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT). | VBS provides isolation of the secure kernel from the normal operating system. Vulnerabilities and zero-days in the normal operating system cannot be exploited because of this isolation. | +| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot) | UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | +| Firmware: **Secure firmware update process** | UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot). | UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | +| Software: **HVCI compatible drivers** | See the Windows Hardware Compatibility Program requirements under [Filter.Driver.DeviceGuard.DriverCompatibility](https://msdn.microsoft.com/library/windows/hardware/mt589732(v=vs.85).aspx).| [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. | +| Software: Qualified **Windows operating system** | Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.

| Support for VBS and for management features that simplify configuration of Device Guard. | -> **Important**  The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security, to significantly strengthen the level of security that Device Guard can provide. +> **Important**  The following tables list additional qualifications for improved security. You can use Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting these additional qualifications to significantly strengthen the level of security that Device Guard can provide. -## Device Guard requirements for improved security +## Additional qualifications for improved security -The following tables describes additional hardware and firmware requirements, and the improved security that is available when those requirements are met. +The following tables describe additional hardware and firmware qualifications, and the improved security that is available when these qualifications are met. ### Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4 - -| Protections for Improved Security - requirement | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

**Security benefits**:
• BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | +| Protections for Improved Security | Description | Security benefits | +|---------------------------------------------|----------------------------------------------------|------| +| Firmware: **Securing Boot Configuration and Management** | • BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings. | • BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. |
-### Additional Qualification Requirements starting with Windows 10, version 1607, and Windows Server 2016 +### Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 -> **Important**  The following tables list requirements for improved security, beyond the level of protection described in the preceding tables. You can use Device Guard with hardware, firmware, and software that do not support the following protections for improved security. As your systems meet more requirements, more protections become available to them. -| Protections for Improved Security - requirement | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) 1.1.a must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332.aspx).

**Security benefits**:
• Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI 1.1.a provides additional security assurance for correctly secured silicon and platform. | -| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

**Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

**Security benefits**:
• Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | +| Protections for Improved Security | Description | Security benefits | +|---------------------------------------------|----------------------------------------------------|-----| +| Firmware: **Hardware Rooted Trust Platform Secure Boot** | • Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) 1.1.a must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332.aspx). | • Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI 1.1.a provides additional security assurance for correctly secured silicon and platform. | +| Firmware: **Firmware Update through Windows Update** | Firmware must support field updates through Windows Update and UEFI encapsulation update. | Helps ensure that firmware updates are fast, secure, and reliable. | +| Firmware: **Securing Boot Configuration and Management** | • Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.| • Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. |
-### Additional Qualification Requirements starting with Windows 10, version 1703 +### Additional security qualifications starting with Windows 10, version 1703 -The following table lists requirements for Windows 10, version 1703, which are in addition to all preceding requirements. -| Protection for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    • Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    • PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    • The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        • All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        • No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | -| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | +| Protections for Improved Security | Description | Security benefits | +|---------------------------------------------|----------------------------------------------------|------| +| Firmware: **VBS enablement of NX protection for UEFI runtime services** | • VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    • Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    • PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    • The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        • All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        • No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | +| Firmware: **Firmware support for SMM protection** | The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.| • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | ## Device Guard deployment in different scenarios: types of devices diff --git a/windows/device-security/tpm/tpm-recommendations.md b/windows/device-security/tpm/tpm-recommendations.md index d0283a1020..69f5838087 100644 --- a/windows/device-security/tpm/tpm-recommendations.md +++ b/windows/device-security/tpm/tpm-recommendations.md @@ -105,10 +105,10 @@ The following table defines which Windows features require TPM support. | Passport: Domain AADJ Join | Required | Required | Supports both versions of TPM, but requires TPM with HMAC and EK certificate for key attestation support. | | Passport: MSA or Local Account | Required | Required | TPM 2.0 is required with HMAC and EK certificate for key attestation support. | | Device Encryption | Not Applicable | Required | TPM 2.0 is required for all InstantGo devices. | -| Device Guard / Configurable Code Integrity | See next column | Recommended | | +| Device Guard / Configurable Code Integrity | Not Applicable | Required | Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. | | Credential Guard | Required | Required | For Windows 10, version 1511, TPM 1.2 or 2.0 is highly recommended. If you don't have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM. | | Device Health Attestation | Required | Required | | -| Windows Hello | Not Required | Recommended | | +| Windows Hello / Windows Hello for Business | Not Required | Recommended | Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. [How keys are protected](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-how-it-works#how-keys-are-protected) | | UEFI Secure Boot | Not Required | Recommended | | | Platform Key Storage provider | Required | Required | | | Virtual Smart Card | Required | Required | | diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 09d1e54940..4d3d7062b7 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -201,7 +201,7 @@ Event ID 6416 has been added to track when an external device is detected throug The following sections describe the new and changed functionality in the TPM for Windows 10: - [Device health attestation](#bkmk-dha) - [Microsoft Passport](/windows/access-protection/hello-for-business/hello-identity-verification) support -- [Device Guard](/windows/access-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) support +- [Device Guard](/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) support - [Credential Guard](/windows/access-protection/credential-guard/credential-guard) support ### Device health attestation diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index f819d4326c..8d54835bc3 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -151,7 +151,7 @@ You can read more about ransomware mitigations and detection capability in Windo ### Device Guard and Credential Guard Additional security qualifications for Device Guard and Credential Guard help protect vulnerabilities in UEFI runtime. -For more information, see [Device Guard Requirements](/windows/access-protection/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard) and [Credential Guard Security Considerations](/windows/access-protection/credential-guard//credential-guard-requirements#security-considerations). +For more information, see [Device Guard Requirements](/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard) and [Credential Guard Security Considerations](/windows/access-protection/credential-guard/credential-guard-requirements#security-considerations). ### Group Policy Security Options @@ -171,9 +171,9 @@ For Windows desktops, users are able to reset a forgotten PIN through **Settings For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin). ### Windows Information Protection (WIP) and Azure Active Directory (Azure AD) -Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md). +Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune). -You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md). +You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs). ## Update