rpc sam scripts

windows/client-management/mdm/policy-csp-admx-rpc.md

@@ -1,199 +1,197 @@
 ---
-title: Policy CSP - ADMX_RPC
+title: ADMX_RPC Policy CSP
-description: Learn about Policy CSP - ADMX_RPC.
+description: Learn more about the ADMX_RPC Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
+ms.date: 01/05/2023
 ms.localizationpriority: medium
-ms.topic: article
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.date: 12/08/2020
-ms.reviewer: 
-manager: aaroncz
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- ADMX_RPC-Begin -->
 # Policy CSP - ADMX_RPC
+
 > [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 >
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
 >
 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
 
-<hr/>
+<!-- ADMX_RPC-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ADMX_RPC-Editable-End -->
 
-<!--Policies-->
+<!-- RpcExtendedErrorInformation-Begin -->
-## ADMX_RPC policies
+## RpcExtendedErrorInformation
 
-<dl>
+<!-- RpcExtendedErrorInformation-Applicability-Begin -->
-  <dd>
+| Scope | Editions | Applicable OS |
-    <a href="#admx-rpc-rpcextendederrorinformation">ADMX_RPC/RpcExtendedErrorInformation</a>
+|:--|:--|:--|
-  </dd>
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
-  <dd>
+<!-- RpcExtendedErrorInformation-Applicability-End -->
-    <a href="#admx-rpc-rpcignoredelegationfailure">ADMX_RPC/RpcIgnoreDelegationFailure</a>
-  </dd>
-  <dd>
-    <a href="#admx-rpc-rpcminimumhttpconnectiontimeout">ADMX_RPC/RpcMinimumHttpConnectionTimeout</a>
-  </dd>
-  <dd>
-    <a href="#admx-rpc-rpcstateinformation">ADMX_RPC/RpcStateInformation</a>
-  </dd>
-</dl>
 
+<!-- RpcExtendedErrorInformation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RPC/RpcExtendedErrorInformation
+```
+<!-- RpcExtendedErrorInformation-OmaUri-End -->
 
-<hr/>
+<!-- RpcExtendedErrorInformation-Description-Begin -->
-
+<!-- Description-Source-ADMX -->
-<!--Policy-->
-<a href="" id="admx-rpc-rpcextendederrorinformation"></a>**ADMX_RPC/RpcExtendedErrorInformation**
-
-<!--SupportedSKUs-->
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
 This policy setting controls whether the RPC runtime generates extended error information when an error occurs.
 
 Extended error information includes the local time that the error occurred, the RPC version, and the name of the computer on which the error occurred, or from which it was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs).
 
 If you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition.
 
-If you don't configure this policy setting, it remains disabled.  It will only generate a status code to indicate an error condition.
+If you do not configure this policy setting, it remains disabled. It will only generate a status code to indicate an error condition.
 
-If you enable this policy setting, the RPC runtime will generate extended error information.
+If you enable this policy setting, the RPC runtime will generate extended error information. You must select an error response type in the drop-down box.
 
-You must select an error response type from the folowing options in the drop-down box:
+-- "Off" disables all extended error information for all processes. RPC only generates an error code.
 
-- "Off" disables all extended error information for all processes. RPC only generates an error code.
+-- "On with Exceptions" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
-- "On with Exceptions" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
-- "Off with Exceptions" disables extended error information, but lets you enable it for selected processes. To enable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
-- "On" enables extended error information for all processes.
 
-> [!NOTE]
+-- "Off with Exceptions" disables extended error information, but lets you enable it for selected processes. To enable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
-> For information about the Extended Error Information Exception field, see the Windows Software Development Kit (SDK).
->
-> Extended error information is formatted to be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can read and respond to the information.
->
-> The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely.
->
-> This policy setting won't be applied until the system is rebooted.
 
-<!--/Description-->
+-- "On" enables extended error information for all processes.
 
-<!--ADMXBacked-->
+Note: For information about the Extended Error Information Exception field, see the Windows Software Development Kit (SDK).
-ADMX Info:
--   GP Friendly name: *Propagate extended error information*
--   GP name: *RpcExtendedErrorInformation*
--   GP path: *System\Remote Procedure Call*
--   GP ADMX file name: *RPC.admx*
 
-<!--/ADMXBacked-->
+Note: Extended error information is formatted to be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can read and respond to the information.
-<!--/Policy-->
-<hr/>
 
-<!--Policy-->
+Note: The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely.
-<a href="" id="admx-rpc-rpcignoredelegationfailure"></a>**ADMX_RPC/RpcIgnoreDelegationFailure**
 
-<!--SupportedSKUs-->
+Note: This policy setting will not be applied until the system is rebooted.
+<!-- RpcExtendedErrorInformation-Description-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- RpcExtendedErrorInformation-Editable-Begin -->
-|--- |--- |--- |
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-|Home|No|No|
+<!-- RpcExtendedErrorInformation-Editable-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- RpcExtendedErrorInformation-DFProperties-Begin -->
-<hr/>
+**Description framework properties**:
 
-<!--Scope-->
+| Property name | Property value |
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- RpcExtendedErrorInformation-DFProperties-End -->
 
-> [!div class = "checklist"]
+<!-- RpcExtendedErrorInformation-AdmxBacked-Begin -->
-> * Device
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
-<hr/>
+**ADMX mapping**:
 
-<!--/Scope-->
+| Name | Value |
-<!--Description-->
+|:--|:--|
+| Name | RpcExtendedErrorInformation |
+| Friendly Name | Propagate extended error information |
+| Location | Computer Configuration |
+| Path | System > Remote Procedure Call |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Rpc |
+| ADMX File Name | RPC.admx |
+<!-- RpcExtendedErrorInformation-AdmxBacked-End -->
+
+<!-- RpcExtendedErrorInformation-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- RpcExtendedErrorInformation-Examples-End -->
+
+<!-- RpcExtendedErrorInformation-End -->
+
+<!-- RpcIgnoreDelegationFailure-Begin -->
+## RpcIgnoreDelegationFailure
+
+<!-- RpcIgnoreDelegationFailure-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- RpcIgnoreDelegationFailure-Applicability-End -->
+
+<!-- RpcIgnoreDelegationFailure-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RPC/RpcIgnoreDelegationFailure
+```
+<!-- RpcIgnoreDelegationFailure-OmaUri-End -->
+
+<!-- RpcIgnoreDelegationFailure-Description-Begin -->
+<!-- Description-Source-ADMX -->
 This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.
 
-The constrained delegation model, introduced in Windows Server 2003, doesn't report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
+The constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
 
 If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
 
-If you don't configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
+If you do not configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
 
 If you enable this policy setting, then:
 
-- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context doesn't support delegation.
+-- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context does not support delegation.
-- "On" directs the RPC Runtime to accept security contexts that don't support delegation even if delegation was asked for.
 
-> [!NOTE]
+-- "On" directs the RPC Runtime to accept security contexts that do not support delegation even if delegation was asked for.
-> This policy setting won't be applied until the system is rebooted.
 
-<!--/Description-->
+Note: This policy setting will not be applied until the system is rebooted.
+<!-- RpcIgnoreDelegationFailure-Description-End -->
 
+<!-- RpcIgnoreDelegationFailure-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- RpcIgnoreDelegationFailure-Editable-End -->
 
-<!--ADMXBacked-->
+<!-- RpcIgnoreDelegationFailure-DFProperties-Begin -->
-ADMX Info:
+**Description framework properties**:
--   GP Friendly name: *Ignore Delegation Failure*
--   GP name: *RpcIgnoreDelegationFailure*
--   GP path: *System\Remote Procedure Call*
--   GP ADMX file name: *RPC.admx*
 
-<!--/ADMXBacked-->
+| Property name | Property value |
-<!--/Policy-->
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- RpcIgnoreDelegationFailure-DFProperties-End -->
 
-<hr/>
+<!-- RpcIgnoreDelegationFailure-AdmxBacked-Begin -->
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
-<!--Policy-->
+**ADMX mapping**:
-<a href="" id="admx-rpc-rpcminimumhttpconnectiontimeout"></a>**ADMX_RPC/RpcMinimumHttpConnectionTimeout**
 
-<!--SupportedSKUs-->
+| Name | Value |
+|:--|:--|
+| Name | RpcIgnoreDelegationFailure |
+| Friendly Name | Ignore Delegation Failure |
+| Location | Computer Configuration |
+| Path | System > Remote Procedure Call |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Rpc |
+| ADMX File Name | RPC.admx |
+<!-- RpcIgnoreDelegationFailure-AdmxBacked-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- RpcIgnoreDelegationFailure-Examples-Begin -->
-|--- |--- |--- |
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-|Home|No|No|
+<!-- RpcIgnoreDelegationFailure-Examples-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- RpcIgnoreDelegationFailure-End -->
-<hr/>
 
-<!--Scope-->
+<!-- RpcMinimumHttpConnectionTimeout-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+## RpcMinimumHttpConnectionTimeout
 
-> [!div class = "checklist"]
+<!-- RpcMinimumHttpConnectionTimeout-Applicability-Begin -->
-> * Device
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- RpcMinimumHttpConnectionTimeout-Applicability-End -->
 
-<hr/>
+<!-- RpcMinimumHttpConnectionTimeout-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RPC/RpcMinimumHttpConnectionTimeout
+```
+<!-- RpcMinimumHttpConnectionTimeout-OmaUri-End -->
 
-<!--/Scope-->
+<!-- RpcMinimumHttpConnectionTimeout-Description-Begin -->
-<!--Description-->
+<!-- Description-Source-ADMX -->
 This policy setting controls the idle connection timeout for RPC/HTTP connections.
 
 This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.
@@ -204,89 +202,131 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is
 
 If you disable this policy setting, the idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
 
-If you don't configure this policy setting, it will remain disabled.  The idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
+If you do not configure this policy setting, it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
 
 If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds.
 
-> [!NOTE]
+Note: This policy setting will not be applied until the system is rebooted.
-> This policy setting won't be applied until the system is rebooted.
+<!-- RpcMinimumHttpConnectionTimeout-Description-End -->
 
-<!--/Description-->
+<!-- RpcMinimumHttpConnectionTimeout-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- RpcMinimumHttpConnectionTimeout-Editable-End -->
 
+<!-- RpcMinimumHttpConnectionTimeout-DFProperties-Begin -->
+**Description framework properties**:
 
-<!--ADMXBacked-->
+| Property name | Property value |
-ADMX Info:
+|:--|:--|
--   GP Friendly name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections*
+| Format | chr (string) |
--   GP name: *RpcMinimumHttpConnectionTimeout*
+| Access Type | Add, Delete, Get, Replace |
--   GP path: *System\Remote Procedure Call*
+<!-- RpcMinimumHttpConnectionTimeout-DFProperties-End -->
--   GP ADMX file name: *RPC.admx*
 
-<!--/ADMXBacked-->
+<!-- RpcMinimumHttpConnectionTimeout-AdmxBacked-Begin -->
-<!--/Policy-->
+> [!TIP]
-<hr/>
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
 
-<!--Policy-->
+**ADMX mapping**:
-<a href="" id="admx-rpc-rpcstateinformation"></a>**ADMX_RPC/RpcStateInformation**
 
-<!--SupportedSKUs-->
+| Name | Value |
+|:--|:--|
+| Name | RpcMinimumHttpConnectionTimeout |
+| Friendly Name | Set Minimum Idle Connection Timeout for RPC/HTTP connections |
+| Location | Computer Configuration |
+| Path | System > Remote Procedure Call |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Rpc |
+| ADMX File Name | RPC.admx |
+<!-- RpcMinimumHttpConnectionTimeout-AdmxBacked-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- RpcMinimumHttpConnectionTimeout-Examples-Begin -->
-|--- |--- |--- |
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-|Home|No|No|
+<!-- RpcMinimumHttpConnectionTimeout-Examples-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- RpcMinimumHttpConnectionTimeout-End -->
-<hr/>
 
-<!--Scope-->
+<!-- RpcStateInformation-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+## RpcStateInformation
 
-> [!div class = "checklist"]
+<!-- RpcStateInformation-Applicability-Begin -->
-> * Device
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
+<!-- RpcStateInformation-Applicability-End -->
 
-<hr/>
+<!-- RpcStateInformation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/ADMX_RPC/RpcStateInformation
+```
+<!-- RpcStateInformation-OmaUri-End -->
 
-<!--/Scope-->
+<!-- RpcStateInformation-Description-Begin -->
-<!--Description-->
+<!-- Description-Source-ADMX -->
 This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.
 
 If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
 
-If you don't configure this policy setting, the RPC  defaults to "Auto2" level.
+If you do not configure this policy setting, the RPC defaults to "Auto2" level.
 
-If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information from the following:
+If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information.
 
-- "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations.
+-- "None" indicates that the system does not maintain any RPC state information.
-- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
-- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
-- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
-- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem.
 
-> [!NOTE]
+**Note**:  Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting is not recommended for most installations.
-> To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.
->
-> This policy setting won't be applied until the system is rebooted.
 
-<!--/Description-->
+-- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
 
-<!--ADMXBacked-->
+-- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
-ADMX Info:
--   GP Friendly name: *Maintain RPC Troubleshooting State Information*
--   GP name: *RpcStateInformation*
--   GP path: *System\Remote Procedure Call*
--   GP ADMX file name: *RPC.admx*
 
-<!--/ADMXBacked-->
+-- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
-<!--/Policy-->
-<hr/>
 
+-- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it is recommended for use only while you are investigating an RPC problem.
 
-<!--/Policies-->
+Note: To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.
 
-## Related topics
+Note: This policy setting will not be applied until the system is rebooted.
+<!-- RpcStateInformation-Description-End -->
 
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
+<!-- RpcStateInformation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- RpcStateInformation-Editable-End -->
+
+<!-- RpcStateInformation-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- RpcStateInformation-DFProperties-End -->
+
+<!-- RpcStateInformation-AdmxBacked-Begin -->
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | RpcStateInformation |
+| Friendly Name | Maintain RPC Troubleshooting State Information |
+| Location | Computer Configuration |
+| Path | System > Remote Procedure Call |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Rpc |
+| ADMX File Name | RPC.admx |
+<!-- RpcStateInformation-AdmxBacked-End -->
+
+<!-- RpcStateInformation-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- RpcStateInformation-Examples-End -->
+
+<!-- RpcStateInformation-End -->
+
+<!-- ADMX_RPC-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- ADMX_RPC-CspMoreInfo-End -->
+
+<!-- ADMX_RPC-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-admx-sam.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_sam Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 11/29/2022
+ms.date: 01/05/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -43,13 +43,14 @@ ms.topic: reference
 <!-- SamNGCKeyROCAValidation-OmaUri-End -->
 
 <!-- SamNGCKeyROCAValidation-Description-Begin -->
+<!-- Description-Source-ADMX -->
 This policy setting allows you to configure how domain controllers handle Windows Hello for Business (WHfB) keys that are vulnerable to the "Return of Coppersmith's attack" (ROCA) vulnerability.
 
 For more information on the ROCA vulnerability, please see:
 
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361
+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361>
 
-https://en.wikipedia.org/wiki/ROCA_vulnerability
+<https://en.wikipedia.org/wiki/ROCA_vulnerability>
 
 If you enable this policy setting the following options are supported:
 
@@ -67,7 +68,7 @@ A reboot is not required for changes to this setting to take effect.
 
 Note: to avoid unexpected disruptions this setting should not be set to Block until appropriate mitigations have been performed, for example patching of vulnerable TPMs.
 
-More information is available at https://go.microsoft.com/fwlink/?linkid=2116430.
+More information is available at <https://go.microsoft.com/fwlink/?linkid=2116430>.
 <!-- SamNGCKeyROCAValidation-Description-End -->
 
 <!-- SamNGCKeyROCAValidation-Editable-Begin -->
@@ -84,6 +85,9 @@ More information is available at https://go.microsoft.com/fwlink/?linkid=2116430
 <!-- SamNGCKeyROCAValidation-DFProperties-End -->
 
 <!-- SamNGCKeyROCAValidation-AdmxBacked-Begin -->
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+
 **ADMX mapping**:
 
 | Name | Value |