diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d108e8bfc0..cee3c040d7 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/16/2018 +ms.date: 04/16/2018 --- # Policy CSP @@ -152,13 +152,13 @@ The following diagram shows the Policy configuration service provider in tree fo
- AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration + AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration
- AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold + AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold
- AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter + AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter
@@ -242,6 +242,14 @@ The following diagram shows the Policy configuration service provider in tree fo +### AppRuntime policies + +
+
+ AppRuntime/AllowMicrosoftAccountsToBeOptional +
+
+ ### AppVirtualization policies
@@ -348,7 +356,7 @@ The following diagram shows the Policy configuration service provider in tree fo ### Authentication policies
-
+
Authentication/AllowAadPasswordReset
@@ -476,10 +484,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Browser/DisableLockdownOfStartPages
-
+
Browser/EnableExtendedBooksTelemetry
-
Browser/EnterpriseModeSiteList
@@ -551,13 +558,13 @@ The following diagram shows the Policy configuration service provider in tree fo Cellular/LetAppsAccessCellularData
- Cellular/LetAppsAccessCellularData_ForceAllowTheseApps + Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
- Cellular/LetAppsAccessCellularData_ForceDenyTheseApps + Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
- Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps + Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
Cellular/ShowAppCellularAccessUI @@ -618,7 +625,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- ControlPolicyConflict/MDMWinsOverGP + ControlPolicyConflict/MDMWinsOverGP
@@ -636,6 +643,14 @@ The following diagram shows the Policy configuration service provider in tree fo
+### CredentialsDelegation policies + +
+
+ CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials +
+
+ ### CredentialsUI policies
@@ -805,7 +820,6 @@ The following diagram shows the Policy configuration service provider in tree fo
DeliveryOptimization/DODelayForegroundDownloadFromHttp
-
DeliveryOptimization/DODownloadMode
@@ -815,7 +829,6 @@ The following diagram shows the Policy configuration service provider in tree fo
DeliveryOptimization/DOGroupIdSource
-
DeliveryOptimization/DOMaxCacheAge
@@ -950,6 +963,9 @@ The following diagram shows the Policy configuration service provider in tree fo
DeviceLock/MinimumPasswordAge
+
+ DeviceLock/PreventEnablingLockScreenCamera +
DeviceLock/PreventLockScreenSlideShow
@@ -1073,9 +1089,15 @@ The following diagram shows the Policy configuration service provider in tree fo
Experience/AllowSIMErrorDialogPromptWhenNoSIM
+
+ Experience/AllowSaveAsOfOfficeFiles +
Experience/AllowScreenCapture
+
+ Experience/AllowSharingOfOfficeFiles +
Experience/AllowSyncMySettings
@@ -1125,6 +1147,17 @@ The following diagram shows the Policy configuration service provider in tree fo
+### FileExplorer policies + +
+
+ FileExplorer/TurnOffDataExecutionPreventionForExplorer +
+
+ FileExplorer/TurnOffHeapTerminationOnCorruption +
+
+ ### Games policies
@@ -1363,6 +1396,9 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/InternetZoneAllowUserDataPersistence
+
+ InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer +
InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -1531,6 +1567,9 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames
+
+ InternetExplorer/LockedDownIntranetJavaPermissions +
InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources
@@ -1762,6 +1801,9 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
+
+ InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer +
InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
@@ -1899,26 +1941,26 @@ The following diagram shows the Policy configuration service provider in tree fo
- KioskBrowser/BlockedUrlExceptions + KioskBrowser/BlockedUrlExceptions
- KioskBrowser/BlockedUrls + KioskBrowser/BlockedUrls
- KioskBrowser/DefaultURL + KioskBrowser/DefaultURL
- KioskBrowser/EnableHomeButton + KioskBrowser/EnableHomeButton
- KioskBrowser/EnableNavigationButtons + KioskBrowser/EnableNavigationButtons
- KioskBrowser/RestartOnIdleTime + KioskBrowser/RestartOnIdleTime
-### LanmanWorkstation policies +### LanmanWorkstation policies
@@ -1958,6 +2000,27 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
+
+ LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon +
+
+ LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia +
+
+ LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters +
+
+ LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly +
+
+ LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways +
+
+ LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible +
+
+ LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges +
LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
@@ -1979,15 +2042,75 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
+
+ LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways +
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares +
+
+ LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM +
LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic +
+
+ LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers +
LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
+
+ LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile +
+
+ LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems +
LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
@@ -1997,6 +2120,9 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
+
+ LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation +
LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
@@ -2009,6 +2135,9 @@ The following diagram shows the Policy configuration service provider in tree fo
LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
+
+ LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode +
LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
@@ -2055,6 +2184,46 @@ The following diagram shows the Policy configuration service provider in tree fo
+### MSSecurityGuide policies + +
+
+ MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon +
+
+ MSSecurityGuide/ConfigureSMBV1ClientDriver +
+
+ MSSecurityGuide/ConfigureSMBV1Server +
+
+ MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection +
+
+ MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications +
+
+ MSSecurityGuide/WDigestAuthentication +
+
+ +### MSSLegacy policies + +
+
+ MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes +
+
+ MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers +
+
+ MSSLegacy/IPSourceRoutingProtectionLevel +
+
+ MSSLegacy/IPv6SourceRoutingProtectionLevel +
+
+ ### NetworkIsolation policies
@@ -2101,6 +2270,9 @@ The following diagram shows the Policy configuration service provider in tree fo ### Power policies
+
+ Power/AllowStandbyStatesWhenSleepingOnBattery +
Power/AllowStandbyWhenSleepingPluggedIn
@@ -2509,15 +2681,16 @@ The following diagram shows the Policy configuration service provider in tree fo ### RestrictedGroups policies +
- RestrictedGroups/ConfigureGroupMembership + RestrictedGroups/ConfigureGroupMembership
- +
### Search policies
-
+
Search/AllowCloudSearch
@@ -2530,7 +2703,7 @@ The following diagram shows the Policy configuration service provider in tree fo Search/AllowSearchToUseLocation
- Search/AllowStoringImagesFromVisionSearch + Search/AllowStoringImagesFromVisionSearch
Search/AllowUsingDiacritics @@ -2550,7 +2723,6 @@ The following diagram shows the Policy configuration service provider in tree fo
Search/DoNotUseWebResults
-
Search/PreventIndexingLowDiskSpaceMB
@@ -2584,7 +2756,7 @@ The following diagram shows the Policy configuration service provider in tree fo Security/ClearTPMIfNotReady
- Security/ConfigureWindowsPasswords + Security/ConfigureWindowsPasswords
Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices @@ -2765,10 +2937,10 @@ The following diagram shows the Policy configuration service provider in tree fo
- Storage/EnhancedStorageDevices + Storage/AllowDiskHealthModelUpdates
- Storage/AllowDiskHealthModelUpdates + Storage/EnhancedStorageDevices
@@ -2826,22 +2998,22 @@ The following diagram shows the Policy configuration service provider in tree fo
- SystemServices/ConfigureHomeGroupListenerServiceStartupMode + SystemServices/ConfigureHomeGroupListenerServiceStartupMode
- SystemServices/ConfigureHomeGroupProviderServiceStartupMode + SystemServices/ConfigureHomeGroupProviderServiceStartupMode
- SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode + SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
- SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode + SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
- SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode + SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
- SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode + SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
@@ -2849,7 +3021,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- TaskScheduler/EnableXboxGameSaveTask + TaskScheduler/EnableXboxGameSaveTask
@@ -2889,6 +3061,12 @@ The following diagram shows the Policy configuration service provider in tree fo
TextInput/AllowLanguageFeaturesUninstall
+
+ TextInput/AllowLinguisticDataCollection +
+
+ TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode +
TextInput/ExcludeJapaneseIMEExceptJIS0208
@@ -2902,10 +3080,10 @@ The following diagram shows the Policy configuration service provider in tree fo TextInput/ForceTouchKeyboardDockedState
- TextInput/TouchKeyboardDictationButtonAvailability + TextInput/TouchKeyboardDictationButtonAvailability
- TextInput/TouchKeyboardEmojiButtonAvailability + TextInput/TouchKeyboardEmojiButtonAvailability
TextInput/TouchKeyboardFullModeAvailability @@ -3014,7 +3192,7 @@ The following diagram shows the Policy configuration service provider in tree fo Update/IgnoreMOUpdateDownloadLimit
- Update/ManagePreviewBuilds + Update/ManagePreviewBuilds
Update/PauseDeferrals @@ -3031,6 +3209,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Update/PauseQualityUpdatesStartTime
+
+ Update/PhoneUpdateRestrictions +
Update/RequireDeferUpgrade
@@ -3082,91 +3263,91 @@ The following diagram shows the Policy configuration service provider in tree fo
- UserRights/AccessCredentialManagerAsTrustedCaller + UserRights/AccessCredentialManagerAsTrustedCaller
- UserRights/AccessFromNetwork + UserRights/AccessFromNetwork
- UserRights/ActAsPartOfTheOperatingSystem + UserRights/ActAsPartOfTheOperatingSystem
- UserRights/AllowLocalLogOn + UserRights/AllowLocalLogOn
- UserRights/BackupFilesAndDirectories + UserRights/BackupFilesAndDirectories
- UserRights/ChangeSystemTime + UserRights/ChangeSystemTime
- UserRights/CreateGlobalObjects + UserRights/CreateGlobalObjects
- UserRights/CreatePageFile + UserRights/CreatePageFile
- UserRights/CreatePermanentSharedObjects + UserRights/CreatePermanentSharedObjects
- UserRights/CreateSymbolicLinks + UserRights/CreateSymbolicLinks
- UserRights/CreateToken + UserRights/CreateToken
- UserRights/DebugPrograms + UserRights/DebugPrograms
- UserRights/DenyAccessFromNetwork + UserRights/DenyAccessFromNetwork
- UserRights/DenyLocalLogOn + UserRights/DenyLocalLogOn
- UserRights/DenyRemoteDesktopServicesLogOn + UserRights/DenyRemoteDesktopServicesLogOn
- UserRights/EnableDelegation + UserRights/EnableDelegation
- UserRights/GenerateSecurityAudits + UserRights/GenerateSecurityAudits
- UserRights/ImpersonateClient + UserRights/ImpersonateClient
- UserRights/IncreaseSchedulingPriority + UserRights/IncreaseSchedulingPriority
- UserRights/LoadUnloadDeviceDrivers + UserRights/LoadUnloadDeviceDrivers
- UserRights/LockMemory + UserRights/LockMemory
- UserRights/ManageAuditingAndSecurityLog + UserRights/ManageAuditingAndSecurityLog
- UserRights/ManageVolume + UserRights/ManageVolume
- UserRights/ModifyFirmwareEnvironment + UserRights/ModifyFirmwareEnvironment
- UserRights/ModifyObjectLabel + UserRights/ModifyObjectLabel
- UserRights/ProfileSingleProcess + UserRights/ProfileSingleProcess
- UserRights/RemoteShutdown + UserRights/RemoteShutdown
- UserRights/RestoreFilesAndDirectories + UserRights/RestoreFilesAndDirectories
- UserRights/TakeOwnership + UserRights/TakeOwnership
@@ -3196,15 +3377,29 @@ The following diagram shows the Policy configuration service provider in tree fo
+### WindowsConnectionManager policies + +
+
+ WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork +
+
+ ### WindowsDefenderSecurityCenter policies
WindowsDefenderSecurityCenter/CompanyName
+
+ WindowsDefenderSecurityCenter/DisableAccountProtectionUI +
WindowsDefenderSecurityCenter/DisableAppBrowserUI
+
+ WindowsDefenderSecurityCenter/DisableDeviceSecurityUI +
WindowsDefenderSecurityCenter/DisableEnhancedNotifications
@@ -3235,6 +3430,15 @@ The following diagram shows the Policy configuration service provider in tree fo
WindowsDefenderSecurityCenter/EnableInAppCustomization
+
+ WindowsDefenderSecurityCenter/HideRansomwareDataRecovery +
+
+ WindowsDefenderSecurityCenter/HideSecureBoot +
+
+ WindowsDefenderSecurityCenter/HideTPMTroubleshooting +
WindowsDefenderSecurityCenter/Phone
@@ -3263,19 +3467,33 @@ The following diagram shows the Policy configuration service provider in tree fo
WindowsLogon/DontDisplayNetworkSelectionUI
+
+ WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers +
WindowsLogon/HideFastUserSwitching
+
+ WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart +
+
+ +### WindowsPowerShell policies + +
+
+ WindowsPowerShell/TurnOnPowerShellScriptBlockLogging +
### WirelessDisplay policies
- WirelessDisplay/AllowMdnsAdvertisement + WirelessDisplay/AllowMdnsAdvertisement
- WirelessDisplay/AllowMdnsDiscovery + WirelessDisplay/AllowMdnsDiscovery
WirelessDisplay/AllowProjectionFromPC @@ -3719,12 +3937,15 @@ The following diagram shows the Policy configuration service provider in tree fo - [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist) - [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist) - [ApplicationDefaults/DefaultAssociationsConfiguration](./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration) +- [ApplicationDefaults/EnableAppUriHandlers](./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers) - [ApplicationManagement/AllowAllTrustedApps](./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps) - [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock) - [ApplicationManagement/AllowGameDVR](./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr) - [ApplicationManagement/AllowSharedUserAppData](./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata) - [ApplicationManagement/DisableStoreOriginatedApps](./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps) +- [ApplicationManagement/MSIAllowUserControlOverInstall](./policy-csp-applicationmanagement.md#applicationmanagement-msiallowusercontroloverinstall) +- [ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges](./policy-csp-applicationmanagement.md#applicationmanagement-msialwaysinstallwithelevatedprivileges) - [ApplicationManagement/RequirePrivateStoreOnly](./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly) - [ApplicationManagement/RestrictAppDataToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume) - [ApplicationManagement/RestrictAppToSystemVolume](./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume) @@ -3763,6 +3984,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/PreventLiveTileDataCollection](./policy-csp-browser.md#browser-preventlivetiledatacollection) - [Browser/PreventSmartScreenPromptOverride](./policy-csp-browser.md#browser-preventsmartscreenpromptoverride) - [Browser/PreventSmartScreenPromptOverrideForFiles](./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles) +- [Browser/PreventTabPreloading](./policy-csp-browser.md#browser-preventtabpreloading) - [Browser/PreventUsingLocalHostIPAddressForWebRTC](./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc) - [Browser/ProvisionFavorites](./policy-csp-browser.md#browser-provisionfavorites) - [Browser/SendIntranetTraffictoInternetExplorer](./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer) @@ -3777,6 +3999,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps](./policy-csp-cellular.md#cellular-letappsaccesscellulardata-userincontroloftheseapps) - [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui) - [Connectivity/AllowCellularDataRoaming](./policy-csp-connectivity.md#connectivity-allowcellulardataroaming) +- [Connectivity/AllowPhonePCLinking](./policy-csp-connectivity.md#connectivity-allowphonepclinking) - [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp) - [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp) - [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) @@ -4136,6 +4359,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring) - [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation) - [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize) +- [LanmanWorkstation/EnableInsecureGuestLogons](./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons) - [Licensing/AllowWindowsEntitlementReactivation](./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation) - [Licensing/DisallowKMSClientOnlineAVSValidation](./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation) - [LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts) @@ -4148,6 +4372,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-allowedtoformatandejectremovablemedia) - [LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-preventusersfrominstallingprinterdriverswhenconnectingtosharedprinters) - [LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-devices-restrictcdromaccesstolocallyloggedonuseronly) +- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptorsignsecurechanneldataalways) +- [LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-digitallyencryptsecurechanneldatawhenpossible) +- [LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-domainmember-disablemachineaccountpasswordchanges) - [LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked) - [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) - [LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin) @@ -4169,6 +4396,10 @@ The following diagram shows the Policy configuration service provider in tree fo - [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange) - [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel) - [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-incomingntlmtraffic) +- [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-outgoingntlmtraffictoremoteservers) - [LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) - [LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown-clearvirtualmemorypagefile) - [LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation) @@ -4202,7 +4433,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [NetworkIsolation/EnterpriseProxyServers](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers) - [NetworkIsolation/EnterpriseProxyServersAreAuthoritative](./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative) - [NetworkIsolation/NeutralResources](./policy-csp-networkisolation.md#networkisolation-neutralresources) +- [Notifications/DisallowCloudNotification](./policy-csp-notifications.md#notifications-disallowcloudnotification) - [Notifications/DisallowNotificationMirroring](./policy-csp-notifications.md#notifications-disallownotificationmirroring) +- [Notifications/DisallowTileNotification](./policy-csp-notifications.md#notifications-disallowtilenotification) - [Power/AllowStandbyStatesWhenSleepingOnBattery](./policy-csp-power.md#power-allowstandbystateswhensleepingonbattery) - [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin) - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) @@ -4367,6 +4600,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivegamesaveservicestartupmode) - [SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode](./policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode) - [TextInput/AllowLanguageFeaturesUninstall](./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall) +- [TextInput/AllowLinguisticDataCollection](./policy-csp-textinput.md#textinput-allowlinguisticdatacollection) - [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) - [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) @@ -4498,6 +4732,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Security/RequireDeviceEncryption](#security-requiredeviceencryption) - [Settings/AllowDateTime](#settings-allowdatetime) - [Settings/AllowVPN](#settings-allowvpn) +- [System/AllowFontProviders](#system-allowfontproviders) - [System/AllowLocation](#system-allowlocation) - [System/AllowTelemetry](#system-allowtelemetry) - [Update/AllowAutoUpdate](#update-allowautoupdate) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 774334df19..02d3d2895e 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - ApplicationDefaults @@ -189,20 +189,14 @@ If you do not configure this policy setting, the default behavior depends on the ADMX Info: - GP English name: *Configure web-to-app linking with app URI handlers* - GP name: *EnableAppUriHandlers* +- GP path: *System/Group Policy* - GP ADMX file name: *GroupPolicy.admx* This setting supports a range of values between 0 and 1. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 4abd17e1d1..082ad6881d 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - ApplicationManagement @@ -597,20 +597,14 @@ This policy setting is designed for less restrictive environments. It can be use ADMX Info: - GP English name: *Allow user control over installs* - GP name: *EnableUserControl* +- GP path: *Windows Components/Windows Installer* - GP ADMX file name: *MSI.admx* This setting supports a range of values between 0 and 1. - - - - - - -
@@ -661,25 +655,20 @@ If you disable or do not configure this policy setting, the system applies the c Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy setting is not guaranteed to be secure. + ADMX Info: - GP English name: *Always install with elevated privileges* - GP name: *AlwaysInstallElevated* +- GP path: *Windows Components/Windows Installer* - GP ADMX file name: *MSI.admx* This setting supports a range of values between 0 and 1. - - - - - - -
@@ -729,7 +718,9 @@ Most restricted value is 1. ADMX Info: +- GP English name: *Only display the private store within the Microsoft Store* - GP name: *RequirePrivateStoreOnly* +- GP path: *Windows Components/Store* - GP ADMX file name: *WindowsStore.admx* diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index 7e6fb10c8d..386d22dfe2 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - AppRuntime @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **AppRuntime/AllowMicrosoftAccountsToBeOptional** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 76ccab305a..514ff83491 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03//2018 +ms.date: 04/16/2018 --- # Policy CSP - Browser @@ -2191,10 +2191,17 @@ The following list shows the supported values: -Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. +Added in Windows 10, version 1803. This is only a placeholder. Do not use in production code. + +ADMX Info: +- GP English name: *Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed* +- GP name: *PreventTabPreloading* +- GP path: *Windows Components/Microsoft Edge* +- GP ADMX file name: *MicrosoftEdge.admx* + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 431c59baa4..9c86945186 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Cellular @@ -92,8 +92,10 @@ If an app is open when this Group Policy object is applied on a device, employee ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_Enum* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* @@ -150,8 +152,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceAllowTheseApps_List* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* @@ -200,8 +204,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_ForceDenyTheseApps_List* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* @@ -250,8 +256,10 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N ADMX Info: +- GP English name: *Let Windows apps access cellular data* - GP name: *LetAppsAccessCellularData* - GP element: *LetAppsAccessCellularData_UserInControlOfTheseApps_List* +- GP path: *Network/WWAN Service/Cellular Data Access* - GP ADMX file name: *wwansvc.admx* diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md index e347fbd029..edd5e6b205 100644 --- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md +++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - CredentialsDelegation @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index cf43d37c41..9b31c6322f 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - DeliveryOptimization @@ -1219,8 +1219,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i ADMX Info: +- GP English name: *Maximum Background Download Bandwidth (percentage)* - GP name: *PercentageMaxBackgroundBandwidth* - GP element: *PercentageMaxBackgroundBandwidth* +- GP path: *Windows Components/Delivery Optimization* - GP ADMX file name: *DeliveryOptimization.admx* @@ -1231,6 +1233,15 @@ ADMX Info: **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. Use [DOPercentageMaxForegroundBandwidth](#deliveryoptimization-dopercentagemaxforegroundbandwidth) and [DOPercentageMaxBackgroundBandwidth](#deliveryoptimization-dopercentagemaxbackgroundbandwidth) policies instead. @@ -1282,8 +1293,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i ADMX Info: +- GP English name: *Maximum Foreground Download Bandwidth (percentage)* - GP name: *PercentageMaxForegroundBandwidth* - GP element: *PercentageMaxForegroundBandwidth* +- GP path: *Windows Components/Delivery Optimization* - GP ADMX file name: *DeliveryOptimization.admx* @@ -1388,7 +1401,7 @@ The following list shows the supported values: -Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. +Added in Windows 10, version 1803. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. > [!TIP] @@ -1454,7 +1467,7 @@ This policy allows an IT Admin to define the following: -Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. +Added in Windows 10, version 1803. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 1a791a7b71..4ffde366c7 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - DeviceLock @@ -1036,6 +1036,29 @@ GP Info: **DeviceLock/PreventEnablingLockScreenCamera** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 89b92cd690..6c9a23cd61 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 04/02/2018 +ms.date: 04/16/2018 --- # Policy CSP - EventLogService @@ -200,7 +200,7 @@ ADMX Info: This policy setting specifies the maximum size of the log file in kilobytes. -If you enable this policy setting, you can configure the maximum log file size to be between 20 megabytes (20480 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. +If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 51935ec669..38e01b4868 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Experience @@ -436,6 +436,15 @@ The following list shows the supported values: **Experience/AllowSaveAsOfOfficeFiles** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. @@ -503,6 +512,15 @@ The following list shows the supported values: **Experience/AllowSharingOfOfficeFiles** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 9216df0e67..df185f9924 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - FileExplorer @@ -35,6 +35,29 @@ ms.date: 03/12/2018 **FileExplorer/TurnOffDataExecutionPreventionForExplorer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -70,6 +93,29 @@ ADMX Info: **FileExplorer/TurnOffHeapTerminationOnCorruption** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 38156a6d35..580431a0ff 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - InternetExplorer @@ -5572,6 +5572,29 @@ ADMX Info: **InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9266,6 +9289,29 @@ ADMX Info: **InternetExplorer/LockedDownIntranetJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14337,6 +14383,29 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md index 5c860249fc..15c57e928a 100644 --- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md +++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/16/2018 +ms.date: 04/16/2018 --- # Policy CSP - LanmanWorkstation @@ -78,20 +78,14 @@ Insecure guest logons are used by file servers to allow unauthenticated access t ADMX Info: - GP English name: *Enable insecure guest logons* - GP name: *Pol_EnableInsecureGuestLogons* +- GP path: *Network/Lanman Workstation* - GP ADMX file name: *LanmanWorkstation.admx* This setting supports a range of values between 0 and 1. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md index 8759b6d49a..bed4009f6a 100644 --- a/windows/client-management/mdm/policy-csp-mssecurityguide.md +++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - MSSecurityGuide @@ -47,6 +47,29 @@ ms.date: 03/12/2018 **MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -79,6 +102,29 @@ ADMX Info: **MSSecurityGuide/ConfigureSMBV1ClientDriver** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -111,6 +157,29 @@ ADMX Info: **MSSecurityGuide/ConfigureSMBV1Server** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -143,6 +212,29 @@ ADMX Info: **MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -175,6 +267,29 @@ ADMX Info: **MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -207,6 +322,29 @@ ADMX Info: **MSSecurityGuide/WDigestAuthentication** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md index 54107559ca..85f1361fe8 100644 --- a/windows/client-management/mdm/policy-csp-msslegacy.md +++ b/windows/client-management/mdm/policy-csp-msslegacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - MSSLegacy @@ -41,6 +41,29 @@ ms.date: 03/12/2018 **MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -73,6 +96,29 @@ ADMX Info: **MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -105,6 +151,29 @@ ADMX Info: **MSSLegacy/IPSourceRoutingProtectionLevel** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -137,6 +206,29 @@ ADMX Info: **MSSLegacy/IPv6SourceRoutingProtectionLevel** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index bd162cb868..e5838dc453 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/15/2018 +ms.date: 04/16/2018 --- # Policy CSP - Notifications @@ -80,29 +80,28 @@ If you enable this policy setting, notifications can still be raised by applicat If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to use periodic (polling) notifications. No reboots or service restarts are required for this policy setting to take effect. + ADMX Info: - GP English name: *Turn off notifications network usage* - GP name: *NoCloudNotification* +- GP path: *Start Menu and Taskbar/Notifications* - GP ADMX file name: *WPN.admx* This setting supports a range of values between 0 and 1. - - - - - - Validation: 1. Enable policy 2. Reboot machine 3. Ensure that you can't receive a notification from Facebook app while FB app isn't running + + +
@@ -191,6 +190,7 @@ The following list shows the supported values: check mark4 + @@ -211,22 +211,20 @@ If you enable this policy setting, applications and system features will not be If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect. + ADMX Info: - GP English name: *Turn off tile notifications* - GP name: *NoTileNotification* +- GP path: *Start Menu and Taskbar/Notifications* - GP ADMX file name: *WPN.admx* This setting supports a range of values between 0 and 1. - - - - Validation: 1. Enable policy diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index fc85260394..9b6886930d 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Power @@ -57,6 +57,29 @@ ms.date: 03/12/2018 **Power/AllowStandbyStatesWhenSleepingOnBattery** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -191,7 +214,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -255,7 +278,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -319,7 +342,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -383,7 +406,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -571,7 +594,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. @@ -635,7 +658,7 @@ ADMX Info: -Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. +Added in Windows 10, version 1709. This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 07ba3d94de..5f1af3e3c0 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - TextInput @@ -680,29 +680,6 @@ The following list shows the supported values: **TextInput/AllowLinguisticDataCollection** - - - - - - - - - - - - - - - - - - - - -
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
- - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -717,21 +694,16 @@ The following list shows the supported values: ADMX Info: +- GP English name: *Improve inking and typing recognition* - GP name: *AllowLinguisticDataCollection* +- GP path: *Windows Components/Text Input* - GP ADMX file name: *TextInput.admx* This setting supports a range of values between 0 and 1. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 70198e988d..5462333ba5 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - Update @@ -917,6 +917,15 @@ The following list shows the supported values: + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. @@ -2138,6 +2147,15 @@ ADMX Info: **Update/PhoneUpdateRestrictions** + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index c5ac238f1d..4f33bd0bdf 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - WindowsConnectionManager @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 16e39d3e9c..5029554ef7 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - WindowsLogon @@ -166,6 +166,29 @@ ADMX Info: **WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -270,6 +293,29 @@ To validate on Desktop, do the following: **WindowsLogon/SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index ee96a4746f..dca0467136 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 03/12/2018 +ms.date: 04/16/2018 --- # Policy CSP - WindowsPowerShell @@ -32,6 +32,29 @@ ms.date: 03/12/2018 **WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + [Scope](./policy-configuration-service-provider.md#policy-scope):