From ac586eb6ecd9b702a6130d74a9560e47bebca57e Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 26 Jan 2018 08:41:00 -0800 Subject: [PATCH 1/8] adding redirects for Microsoft 365 Business content --- .openpublishing.redirection.json | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f3f3b9294a..2e1d5727e9 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -8444,6 +8444,21 @@ "source_path": "windows/deployment/windows-10-auto-pilot.md", "redirect_url": "/windows/deployment/windows-autopilot/windows-10-autopilot", "redirect_document_id": true -} +}, +{ +"source_path": "bcs/index.md", +"redirect_url": "/microsoft-365/business/index", +"redirect_document_id": true +}, +{ +"source_path": "bcs/support/microsoft-365-business-faqs.md", +"redirect_url": "/microsoft-365/business/microsoft-365-business-faqs", +"redirect_document_id": true +}, +{ +"source_path": "bcs/support/transition-csp-subscription.md", +"redirect_url": "/microsoft-365/business/transition-csp-subscription", +"redirect_document_id": true +}, ] } \ No newline at end of file From 54271b81801d233fb11cdcc8de1b8f8735597931 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 26 Jan 2018 08:42:07 -0800 Subject: [PATCH 2/8] typo in JSON --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 2e1d5727e9..f8fae17740 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -8459,6 +8459,6 @@ "source_path": "bcs/support/transition-csp-subscription.md", "redirect_url": "/microsoft-365/business/transition-csp-subscription", "redirect_document_id": true -}, +} ] } \ No newline at end of file From d20eb820de83eb3df9c4a01d19f6b996b60868af Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Mon, 29 Jan 2018 19:47:45 +0000 Subject: [PATCH 3/8] Merged PR 5553: adding additional whitespace in prep for token re-ordering --- .../mdm/policy-csp-abovelock.md | 8 +- ...csp-accountpoliciesaccountlockoutpolicy.md | 35 +- .../mdm/policy-csp-accounts.md | 10 +- .../mdm/policy-csp-activexcontrols.md | 4 +- .../mdm/policy-csp-applicationdefaults.md | 5 +- .../mdm/policy-csp-applicationmanagement.md | 24 +- .../mdm/policy-csp-appvirtualization.md | 58 +- .../mdm/policy-csp-attachmentmanager.md | 8 +- .../mdm/policy-csp-authentication.md | 14 +- .../mdm/policy-csp-autoplay.md | 8 +- .../mdm/policy-csp-bitlocker.md | 4 +- .../mdm/policy-csp-bluetooth.md | 12 +- .../mdm/policy-csp-browser.md | 97 ++- .../mdm/policy-csp-camera.md | 4 +- .../mdm/policy-csp-cellular.md | 12 +- .../mdm/policy-csp-connectivity.md | 30 +- .../mdm/policy-csp-controlpolicyconflict.md | 11 +- .../mdm/policy-csp-credentialproviders.md | 8 +- .../mdm/policy-csp-credentialsui.md | 6 +- .../mdm/policy-csp-cryptography.md | 6 +- .../mdm/policy-csp-dataprotection.md | 6 +- .../mdm/policy-csp-datausage.md | 6 +- .../mdm/policy-csp-defender.md | 74 ++- .../mdm/policy-csp-deliveryoptimization.md | 115 ++-- .../mdm/policy-csp-desktop.md | 4 +- .../mdm/policy-csp-deviceguard.md | 12 +- .../mdm/policy-csp-deviceinstallation.md | 6 +- .../mdm/policy-csp-devicelock.md | 47 +- .../mdm/policy-csp-display.md | 6 +- .../mdm/policy-csp-education.md | 8 +- .../mdm/policy-csp-enterprisecloudprint.md | 14 +- .../mdm/policy-csp-errorreporting.md | 12 +- .../mdm/policy-csp-eventlogservice.md | 10 +- .../mdm/policy-csp-experience.md | 46 +- .../mdm/policy-csp-exploitguard.md | 4 +- .../client-management/mdm/policy-csp-games.md | 4 +- .../mdm/policy-csp-handwriting.md | 6 +- .../mdm/policy-csp-internetexplorer.md | 580 +++++++++++++++++- .../mdm/policy-csp-kerberos.md | 12 +- .../mdm/policy-csp-kioskbrowser.md | 68 +- .../mdm/policy-csp-licensing.md | 6 +- ...policy-csp-localpoliciessecurityoptions.md | 391 ++++-------- .../mdm/policy-csp-location.md | 4 +- .../mdm/policy-csp-lockdown.md | 4 +- .../client-management/mdm/policy-csp-maps.md | 6 +- .../mdm/policy-csp-messaging.md | 8 +- .../mdm/policy-csp-networkisolation.md | 18 +- .../mdm/policy-csp-notifications.md | 4 +- .../client-management/mdm/policy-csp-power.md | 20 +- .../mdm/policy-csp-printers.md | 8 +- .../mdm/policy-csp-privacy.md | 158 ++++- .../mdm/policy-csp-remoteassistance.md | 10 +- .../mdm/policy-csp-remotedesktopservices.md | 14 +- .../mdm/policy-csp-remotemanagement.md | 47 +- .../mdm/policy-csp-remoteprocedurecall.md | 6 +- .../mdm/policy-csp-remoteshell.md | 23 +- .../mdm/policy-csp-search.md | 43 +- .../mdm/policy-csp-security.md | 31 +- .../mdm/policy-csp-settings.md | 40 +- .../mdm/policy-csp-smartscreen.md | 8 +- .../mdm/policy-csp-speech.md | 4 +- .../client-management/mdm/policy-csp-start.md | 60 +- .../mdm/policy-csp-storage.md | 6 +- .../mdm/policy-csp-system.md | 45 +- .../mdm/policy-csp-systemservices.md | 68 +- .../mdm/policy-csp-taskscheduler.md | 13 +- .../mdm/policy-csp-textinput.md | 37 +- .../mdm/policy-csp-timelanguagesettings.md | 4 +- .../mdm/policy-csp-update.md | 114 +++- .../mdm/policy-csp-userrights.md | 323 ++-------- .../client-management/mdm/policy-csp-wifi.md | 16 +- ...olicy-csp-windowsdefendersecuritycenter.md | 91 ++- .../mdm/policy-csp-windowsinkworkspace.md | 6 +- .../mdm/policy-csp-windowslogon.md | 8 +- .../mdm/policy-csp-wirelessdisplay.md | 28 +- 75 files changed, 2103 insertions(+), 973 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 1c59efda74..544860e28f 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - AboveLock @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **AboveLock/AllowActionCenterNotifications** @@ -83,7 +85,9 @@ The following list shows the supported values: +
+ **AboveLock/AllowCortanaAboveLock** @@ -131,7 +135,9 @@ The following list shows the supported values: +
+ **AboveLock/AllowToasts** diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md index dfe6305024..341cac943e 100644 --- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md +++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/29/2017 +ms.date: 01/29/2018 --- # Policy CSP - AccountPoliciesAccountLockoutPolicy @@ -32,7 +32,9 @@ ms.date: 12/29/2017 +
+ **AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration** @@ -76,17 +78,10 @@ If an account lockout threshold is defined, the account lockout duration must be Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - - - - - - - - - +
+ **AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold** @@ -130,17 +125,10 @@ Failed password attempts against workstations or member servers that have been l Default: 0. - - - - - - - - - +
+ **AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter** @@ -184,15 +172,6 @@ If an account lockout threshold is defined, this reset time must be less than or Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 9098a9f6be..3eaaad3542 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Accounts @@ -33,7 +33,9 @@ ms.date: 12/14/2017 +
+ **Accounts/AllowAddingNonMicrosoftAccountsManually** @@ -86,7 +88,9 @@ The following list shows the supported values: +
+ **Accounts/AllowMicrosoftAccountConnection** @@ -136,7 +140,9 @@ The following list shows the supported values: +
+ **Accounts/AllowMicrosoftAccountSignInAssistant** @@ -184,7 +190,9 @@ The following list shows the supported values: +
+ **Accounts/DomainNamesForEmailSync** diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 411a6aa435..43af11e725 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - ActiveXControls @@ -24,7 +24,9 @@ ms.date: 11/01/2017 +
+ **ActiveXControls/ApprovedInstallationSites** diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 440136eec9..549937c7e9 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/04/2017 +ms.date: 01/29/2018 --- # Policy CSP - ApplicationDefaults @@ -24,7 +24,9 @@ ms.date: 12/04/2017 +
+ **ApplicationDefaults/DefaultAssociationsConfiguration** @@ -129,4 +131,3 @@ Footnote: - diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 8d12310300..2cd0eb5954 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - ApplicationManagement @@ -54,7 +54,9 @@ ms.date: 12/14/2017 +
+ **ApplicationManagement/AllowAllTrustedApps** @@ -105,7 +107,9 @@ The following list shows the supported values: +
+ **ApplicationManagement/AllowAppStoreAutoUpdate** @@ -153,7 +157,9 @@ Most restricted value is 0. +
+ **ApplicationManagement/AllowDeveloperUnlock** @@ -204,7 +210,9 @@ The following list shows the supported values: +
+ **ApplicationManagement/AllowGameDVR** @@ -257,7 +265,9 @@ The following list shows the supported values: +
+ **ApplicationManagement/AllowSharedUserAppData** @@ -307,7 +317,9 @@ The following list shows the supported values: +
+ **ApplicationManagement/AllowStore** @@ -357,7 +369,9 @@ The following list shows the supported values: +
+ **ApplicationManagement/ApplicationRestrictions** @@ -420,7 +434,9 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no +
+ **ApplicationManagement/DisableStoreOriginatedApps** @@ -468,7 +484,9 @@ The following list shows the supported values: +
+ **ApplicationManagement/RequirePrivateStoreOnly** @@ -516,7 +534,9 @@ Most restricted value is 1. +
+ **ApplicationManagement/RestrictAppDataToSystemVolume** @@ -566,7 +586,9 @@ The following list shows the supported values: +
+ **ApplicationManagement/RestrictAppToSystemVolume** diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index e8d81c05b3..53bb0578e4 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - AppVirtualization @@ -105,7 +105,9 @@ ms.date: 11/01/2017 +
+ **AppVirtualization/AllowAppVClient** @@ -161,7 +163,9 @@ ADMX Info: +
+ **AppVirtualization/AllowDynamicVirtualization** @@ -217,7 +221,9 @@ ADMX Info: +
+ **AppVirtualization/AllowPackageCleanup** @@ -273,7 +279,9 @@ ADMX Info: +
+ **AppVirtualization/AllowPackageScripts** @@ -329,7 +337,9 @@ ADMX Info: +
+ **AppVirtualization/AllowPublishingRefreshUX** @@ -385,7 +395,9 @@ ADMX Info: +
+ **AppVirtualization/AllowReportingServer** @@ -451,7 +463,9 @@ ADMX Info: +
+ **AppVirtualization/AllowRoamingFileExclusions** @@ -507,7 +521,9 @@ ADMX Info: +
+ **AppVirtualization/AllowRoamingRegistryExclusions** @@ -563,7 +579,9 @@ ADMX Info: +
+ **AppVirtualization/AllowStreamingAutoload** @@ -619,7 +637,9 @@ ADMX Info: +
+ **AppVirtualization/ClientCoexistenceAllowMigrationmode** @@ -675,7 +695,9 @@ ADMX Info: +
+ **AppVirtualization/IntegrationAllowRootGlobal** @@ -731,7 +753,9 @@ ADMX Info: +
+ **AppVirtualization/IntegrationAllowRootUser** @@ -787,7 +811,9 @@ ADMX Info: +
+ **AppVirtualization/PublishingAllowServer1** @@ -861,7 +887,9 @@ ADMX Info: +
+ **AppVirtualization/PublishingAllowServer2** @@ -935,7 +963,9 @@ ADMX Info: +
+ **AppVirtualization/PublishingAllowServer3** @@ -1009,7 +1039,9 @@ ADMX Info: +
+ **AppVirtualization/PublishingAllowServer4** @@ -1083,7 +1115,9 @@ ADMX Info: +
+ **AppVirtualization/PublishingAllowServer5** @@ -1157,7 +1191,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** @@ -1213,7 +1249,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingAllowHighCostLaunch** @@ -1269,7 +1307,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingAllowLocationProvider** @@ -1325,7 +1365,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingAllowPackageInstallationRoot** @@ -1381,7 +1423,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingAllowPackageSourceRoot** @@ -1437,7 +1481,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingAllowReestablishmentInterval** @@ -1493,7 +1539,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingAllowReestablishmentRetries** @@ -1549,7 +1597,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingSharedContentStoreMode** @@ -1605,7 +1655,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingSupportBranchCache** @@ -1661,7 +1713,9 @@ ADMX Info: +
+ **AppVirtualization/StreamingVerifyCertificateRevocationList** @@ -1717,7 +1771,9 @@ ADMX Info: +
+ **AppVirtualization/VirtualComponentsAllowList** diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 71012e8237..21e12791ee 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - AttachmentManager @@ -30,7 +30,9 @@ ms.date: 11/01/2017 +
+ **AttachmentManager/DoNotPreserveZoneInformation** @@ -92,7 +94,9 @@ ADMX Info: +
+ **AttachmentManager/HideZoneInfoMechanism** @@ -154,7 +158,9 @@ ADMX Info: +
+ **AttachmentManager/NotifyAntivirusPrograms** diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 5d6851b66b..16cef802ca 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Authentication @@ -36,7 +36,9 @@ ms.date: 12/14/2017 +
+ **Authentication/AllowAadPasswordReset** @@ -73,7 +75,7 @@ ms.date: 12/14/2017 -Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen.  +Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. @@ -84,7 +86,9 @@ The following list shows the supported values: +
+ **Authentication/AllowEAPCertSSO** @@ -132,7 +136,9 @@ The following list shows the supported values: +
+ **Authentication/AllowFastReconnect** @@ -182,7 +188,9 @@ The following list shows the supported values: +
+ **Authentication/AllowFidoDeviceSignon** @@ -234,7 +242,9 @@ The following list shows the supported values: +
+ **Authentication/AllowSecondaryAuthenticationDevice** diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 0eeac9b230..ea392f0f79 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Autoplay @@ -30,7 +30,9 @@ ms.date: 11/01/2017 +
+ **Autoplay/DisallowAutoplayForNonVolumeDevices** @@ -91,7 +93,9 @@ ADMX Info: +
+ **Autoplay/SetDefaultAutoRunBehavior** @@ -161,7 +165,9 @@ ADMX Info: +
+ **Autoplay/TurnOffAutoPlay** diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index e575654a6d..5310af5a0a 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Bitlocker @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Bitlocker/EncryptionMethod** diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index a292b521f3..aebbabd6f8 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Bluetooth @@ -36,7 +36,9 @@ ms.date: 12/14/2017 +
+ **Bluetooth/AllowAdvertising** @@ -88,7 +90,9 @@ The following list shows the supported values: +
+ **Bluetooth/AllowDiscoverableMode** @@ -140,7 +144,9 @@ The following list shows the supported values: +
+ **Bluetooth/AllowPrepairing** @@ -188,7 +194,9 @@ The following list shows the supported values: +
+ **Bluetooth/LocalDeviceName** @@ -233,7 +241,9 @@ If this policy is not set or it is deleted, the default local radio name is used +
+ **Bluetooth/ServicesAllowedList** diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 1a799e9db8..5e4018865e 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - Browser @@ -137,7 +137,9 @@ ms.date: 01/03/2018 +
+ **Browser/AllowAddressBarDropdown** @@ -191,7 +193,9 @@ The following list shows the supported values: +
+ **Browser/AllowAutofill** @@ -249,7 +253,9 @@ The following list shows the supported values: +
+ **Browser/AllowBrowser** @@ -306,7 +312,9 @@ The following list shows the supported values: +
+ **Browser/AllowCookies** @@ -362,7 +370,9 @@ To verify AllowCookies is set to 0 (not allowed): +
+ **Browser/AllowDeveloperTools** @@ -417,7 +427,9 @@ The following list shows the supported values: +
+ **Browser/AllowDoNotTrack** @@ -475,7 +487,9 @@ The following list shows the supported values: +
+ **Browser/AllowExtensions** @@ -524,7 +538,9 @@ The following list shows the supported values: +
+ **Browser/AllowFlash** @@ -573,7 +589,9 @@ The following list shows the supported values: +
+ **Browser/AllowFlashClickToRun** @@ -622,7 +640,9 @@ The following list shows the supported values: +
+ **Browser/AllowInPrivate** @@ -673,7 +693,9 @@ The following list shows the supported values: +
+ **Browser/AllowMicrosoftCompatibilityList** @@ -727,7 +749,9 @@ The following list shows the supported values: +
+ **Browser/AllowPasswordManager** @@ -785,7 +809,9 @@ The following list shows the supported values: +
+ **Browser/AllowPopups** @@ -843,7 +869,9 @@ The following list shows the supported values: +
+ **Browser/AllowSearchEngineCustomization** @@ -896,7 +924,9 @@ The following list shows the supported values: +
+ **Browser/AllowSearchSuggestionsinAddressBar** @@ -947,7 +977,9 @@ The following list shows the supported values: +
+ **Browser/AllowSmartScreen** @@ -1005,7 +1037,9 @@ The following list shows the supported values: +
+ **Browser/AlwaysEnableBooksLibrary** @@ -1032,7 +1066,6 @@ The following list shows the supported values: - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1044,8 +1077,6 @@ The following list shows the supported values: - - Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge @@ -1057,7 +1088,9 @@ The following list shows the supported values: +
+ **Browser/ClearBrowsingDataOnExit** @@ -1114,7 +1147,9 @@ The following list shows the supported values: +
+ **Browser/ConfigureAdditionalSearchEngines** @@ -1171,7 +1206,9 @@ Most restricted value is 0. +
+ **Browser/DisableLockdownOfStartPages** @@ -1224,11 +1261,13 @@ Most restricted value is 0. The following list shows the supported values: - 0 (default) – Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.  -- 1 – Disable lockdown of the Start pages and allow users to modify them.   +- 1 – Disable lockdown of the Start pages and allow users to modify them. +
+ **Browser/EnableExtendedBooksTelemetry** @@ -1277,16 +1316,11 @@ The following list shows the supported values: - 0 (default) - Disable. No additional telemetry. - 1 - Enable. Additional telemetry for schools. - - - - - - - +
+ **Browser/EnterpriseModeSiteList** @@ -1337,7 +1371,9 @@ The following list shows the supported values: +
+ **Browser/EnterpriseSiteListServiceUrl** @@ -1380,7 +1416,9 @@ The following list shows the supported values: +
+ **Browser/FirstRunURL** @@ -1430,7 +1468,9 @@ The default value is an empty string. Otherwise, the string should contain the U +
+ **Browser/HomePages** @@ -1482,7 +1522,9 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi +
+ **Browser/LockdownFavorites** @@ -1540,7 +1582,9 @@ The following list shows the supported values: +
+ **Browser/PreventAccessToAboutFlagsInMicrosoftEdge** @@ -1589,7 +1633,9 @@ The following list shows the supported values: +
+ **Browser/PreventFirstRunPage** @@ -1640,7 +1686,9 @@ The following list shows the supported values: +
+ **Browser/PreventLiveTileDataCollection** @@ -1691,7 +1739,9 @@ The following list shows the supported values: +
+ **Browser/PreventSmartScreenPromptOverride** @@ -1742,7 +1792,9 @@ The following list shows the supported values: +
+ **Browser/PreventSmartScreenPromptOverrideForFiles** @@ -1791,7 +1843,9 @@ The following list shows the supported values: +
+ **Browser/PreventUsingLocalHostIPAddressForWebRTC** @@ -1844,7 +1898,9 @@ The following list shows the supported values: +
+ **Browser/ProvisionFavorites** @@ -1899,7 +1955,9 @@ Data type is string. +
+ **Browser/SendIntranetTraffictoInternetExplorer** @@ -1954,7 +2012,9 @@ The following list shows the supported values: +
+ **Browser/SetDefaultSearchEngine** @@ -2010,7 +2070,9 @@ Most restricted value is 0. +
+ **Browser/ShowMessageWhenOpeningSitesInInternetExplorer** @@ -2065,7 +2127,9 @@ The following list shows the supported values: +
+ **Browser/SyncFavoritesBetweenIEAndMicrosoftEdge** @@ -2127,7 +2191,9 @@ The following list shows the supported values: +
+ **Browser/UseSharedFolderForBooks** @@ -2174,14 +2240,7 @@ The following list shows the supported values: - 0 - No shared folder. - 1 - Use a shared folder. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 54098f70c4..6e910bd0ff 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Camera @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Camera/AllowCamera** diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 6c2905b717..c1be290991 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/13/2017 +ms.date: 01/29/2018 --- # Policy CSP - Cellular @@ -36,7 +36,9 @@ ms.date: 12/13/2017 +
+ **Cellular/LetAppsAccessCellularData** @@ -97,7 +99,9 @@ The following list shows the supported values: +
+ **Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** @@ -138,7 +142,9 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N +
+ **Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** @@ -179,7 +185,9 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N +
+ **Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** @@ -220,7 +228,9 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N +
+ **Cellular/ShowAppCellularAccessUI** diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 50cf068b2e..e121d2f02c 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Connectivity @@ -63,7 +63,9 @@ ms.date: 12/14/2017 +
+ **Connectivity/AllowBluetooth** @@ -119,7 +121,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowCellularData** @@ -168,7 +172,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowCellularDataRoaming** @@ -229,7 +235,9 @@ To validate on mobile devices, do the following: +
+ **Connectivity/AllowConnectedDevices** @@ -280,7 +288,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowNFC** @@ -334,7 +344,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowUSBConnection** @@ -390,7 +402,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowVPNOverCellular** @@ -440,7 +454,9 @@ The following list shows the supported values: +
+ **Connectivity/AllowVPNRoamingOverCellular** @@ -490,7 +506,9 @@ The following list shows the supported values: +
+ **Connectivity/DiablePrintingOverHTTP** @@ -545,7 +563,9 @@ ADMX Info: +
+ **Connectivity/DisableDownloadingOfPrintDriversOverHTTP** @@ -600,7 +620,9 @@ ADMX Info: +
+ **Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** @@ -655,7 +677,9 @@ ADMX Info: +
+ **Connectivity/DisallowNetworkConnectivityActiveTests** @@ -698,7 +722,9 @@ Value type is integer. +
+ **Connectivity/HardenedUNCPaths** @@ -756,7 +782,9 @@ ADMX Info: +
+ **Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index c628f5e912..50f47bd8ee 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/11/2018 +ms.date: 01/29/2018 --- # Policy CSP - ControlPolicyConflict @@ -26,7 +26,9 @@ ms.date: 01/11/2018 +
+ **ControlPolicyConflict/MDMWinsOverGP** @@ -80,14 +82,7 @@ The following list shows the supported values: - 0 (default) - 1 - The MDM policy is used and the GP policy is blocked. - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 8db7adb8b4..f7c8f906c5 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - CredentialProviders @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **CredentialProviders/AllowPINLogon** @@ -94,7 +96,9 @@ ADMX Info: +
+ **CredentialProviders/BlockPicturePassword** @@ -156,7 +160,9 @@ ADMX Info: +
+ **CredentialProviders/DisableAutomaticReDeploymentCredentials** diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index 6a2a7950a3..f3cedd07cc 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - CredentialsUI @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **CredentialsUI/DisablePasswordReveal** @@ -92,7 +94,9 @@ ADMX Info: +
+ **CredentialsUI/EnumerateAdministrators** diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index b8a7181d8e..921ef9f0a0 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Cryptography @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **Cryptography/AllowFipsAlgorithmPolicy** @@ -73,7 +75,9 @@ The following list shows the supported values: +
+ **Cryptography/TLSCipherSuites** diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index b0e270bdff..9fc7abd61d 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - DataProtection @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **DataProtection/AllowDirectMemoryAccess** @@ -77,7 +79,9 @@ The following list shows the supported values: +
+ **DataProtection/LegacySelectiveWipeID** diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index b9d3a22ccc..ca2c55abb5 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - DataUsage @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **DataUsage/SetCost3G** @@ -93,7 +95,9 @@ ADMX Info: +
+ **DataUsage/SetCost4G** diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index bb91bd44bd..fc2c7798e6 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Defender @@ -126,7 +126,9 @@ ms.date: 11/01/2017 +
+ **Defender/AllowArchiveScanning** @@ -176,7 +178,9 @@ The following list shows the supported values: +
+ **Defender/AllowBehaviorMonitoring** @@ -226,7 +230,9 @@ The following list shows the supported values: +
+ **Defender/AllowCloudProtection** @@ -276,7 +282,9 @@ The following list shows the supported values: +
+ **Defender/AllowEmailScanning** @@ -326,7 +334,9 @@ The following list shows the supported values: +
+ **Defender/AllowFullScanOnMappedNetworkDrives** @@ -376,7 +386,9 @@ The following list shows the supported values: +
+ **Defender/AllowFullScanRemovableDriveScanning** @@ -426,7 +438,9 @@ The following list shows the supported values: +
+ **Defender/AllowIOAVProtection** @@ -476,7 +490,9 @@ The following list shows the supported values: +
+ **Defender/AllowIntrusionPreventionSystem** @@ -526,7 +542,9 @@ The following list shows the supported values: +
+ **Defender/AllowOnAccessProtection** @@ -576,7 +594,9 @@ The following list shows the supported values: +
+ **Defender/AllowRealtimeMonitoring** @@ -626,7 +646,9 @@ The following list shows the supported values: +
+ **Defender/AllowScanningNetworkFiles** @@ -676,7 +698,9 @@ The following list shows the supported values: +
+ **Defender/AllowScriptScanning** @@ -726,7 +750,9 @@ The following list shows the supported values: +
+ **Defender/AllowUserUIAccess** @@ -776,7 +802,9 @@ The following list shows the supported values: +
+ **Defender/AttackSurfaceReductionOnlyExclusions** @@ -823,7 +851,9 @@ Value type is string. +
+ **Defender/AttackSurfaceReductionRules** @@ -872,7 +902,9 @@ Value type is string. +
+ **Defender/AvgCPULoadFactor** @@ -921,7 +953,9 @@ The default value is 50. +
+ **Defender/CloudBlockLevel** @@ -982,7 +1016,9 @@ The following list shows the supported values: +
+ **Defender/CloudExtendedTimeout** @@ -1033,7 +1069,9 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se +
+ **Defender/ControlledFolderAccessAllowedApplications** @@ -1077,7 +1115,9 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app +
+ **Defender/ControlledFolderAccessProtectedFolders** @@ -1121,7 +1161,9 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci +
+ **Defender/DaysToRetainCleanedMalware** @@ -1170,7 +1212,9 @@ The default value is 0, which keeps items in quarantine, and does not automatica +
+ **Defender/EnableControlledFolderAccess** @@ -1210,7 +1254,7 @@ The default value is 0, which keeps items in quarantine, and does not automatica > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess. -Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. +Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. @@ -1222,7 +1266,9 @@ The following list shows the supported values: +
+ **Defender/EnableNetworkProtection** @@ -1280,7 +1326,9 @@ The following list shows the supported values: +
+ **Defender/ExcludedExtensions** @@ -1325,7 +1373,9 @@ Allows an administrator to specify a list of file type extensions to ignore duri +
+ **Defender/ExcludedPaths** @@ -1370,7 +1420,9 @@ Allows an administrator to specify a list of directory paths to ignore during a +
+ **Defender/ExcludedProcesses** @@ -1421,7 +1473,9 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E +
+ **Defender/PUAProtection** @@ -1472,7 +1526,9 @@ The following list shows the supported values: +
+ **Defender/RealTimeScanDirection** @@ -1527,7 +1583,9 @@ The following list shows the supported values: +
+ **Defender/ScanParameter** @@ -1577,7 +1635,9 @@ The following list shows the supported values: +
+ **Defender/ScheduleQuickScanTime** @@ -1632,7 +1692,9 @@ The default value is 120 +
+ **Defender/ScheduleScanDay** @@ -1693,7 +1755,9 @@ The following list shows the supported values: +
+ **Defender/ScheduleScanTime** @@ -1748,7 +1812,9 @@ The default value is 120. +
+ **Defender/SignatureUpdateInterval** @@ -1799,7 +1865,9 @@ The default value is 8. +
+ **Defender/SubmitSamplesConsent** @@ -1851,7 +1919,9 @@ The following list shows the supported values: +
+ **Defender/ThreatSeverityDefaultAction** diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 812d07ecac..2489a17f31 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - DeliveryOptimization @@ -95,7 +95,9 @@ ms.date: 01/03/2018 +
+ **DeliveryOptimization/DOAbsoluteMaxCacheSize** @@ -142,7 +144,9 @@ The default value is 10. +
+ **DeliveryOptimization/DOAllowVPNPeerCaching** @@ -194,7 +198,9 @@ The following list shows the supported values: +
+ **DeliveryOptimization/DODelayBackgroundDownloadFromHttp** @@ -236,17 +242,10 @@ Added in Windows 10, next major update. This policy allows you to delay the use After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). - - - - - - - - - +
+ **DeliveryOptimization/DODelayForegroundDownloadFromHttp** @@ -298,15 +297,12 @@ The following list shows the supported values as number of seconds: - 0 to 86400 (1 day) - 0 - managed by the cloud service - Default is not configured. + - - - - - - +
+ **DeliveryOptimization/DODownloadMode** @@ -362,7 +358,9 @@ The following list shows the supported values: +
+ **DeliveryOptimization/DOGroupId** @@ -410,7 +408,9 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this +
+ **DeliveryOptimization/DOGroupIdSource** @@ -465,15 +465,12 @@ The following list shows the supported values: - 2 - Authenticated domain SID - 3 - DHCP user option - 4 - DNS suffix + - - - - - - +
+ **DeliveryOptimization/DOMaxCacheAge** @@ -520,7 +517,9 @@ The default value is 259200 seconds (3 days). +
+ **DeliveryOptimization/DOMaxCacheSize** @@ -567,7 +566,9 @@ The default value is 20. +
+ **DeliveryOptimization/DOMaxDownloadBandwidth** @@ -614,7 +615,9 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts +
+ **DeliveryOptimization/DOMaxUploadBandwidth** @@ -661,7 +664,9 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo +
+ **DeliveryOptimization/DOMinBackgroundQos** @@ -708,7 +713,9 @@ The default value is 500. +
+ **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** @@ -754,7 +761,9 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser +
+ **DeliveryOptimization/DOMinDiskSizeAllowedToPeer** @@ -804,7 +813,9 @@ The default value is 32 GB. +
+ **DeliveryOptimization/DOMinFileSizeToCache** @@ -851,7 +862,9 @@ The default value is 100 MB. +
+ **DeliveryOptimization/DOMinRAMAllowedToPeer** @@ -898,7 +911,9 @@ The default value is 4 GB. +
+ **DeliveryOptimization/DOModifyCacheDrive** @@ -945,7 +960,9 @@ By default, %SystemDrive% is used to store the cache. +
+ **DeliveryOptimization/DOMonthlyUploadDataCap** @@ -994,7 +1011,9 @@ The default value is 20. +
+ **DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth** @@ -1034,18 +1053,12 @@ The default value is 20. Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. + - - - - - - - - - +
+ **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** @@ -1054,7 +1067,9 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo +
+ **DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth** @@ -1094,18 +1109,12 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. + - - - - - - - - - +
+ **DeliveryOptimization/DORestrictPeerSelectionBy** @@ -1154,14 +1163,10 @@ The following list shows the supported values: - 1 - Subnet mask. - - - - - - +
+ **DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** @@ -1201,6 +1206,7 @@ The following list shows the supported values: Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. + This policy allows an IT Admin to define the following: @@ -1208,15 +1214,12 @@ This policy allows an IT Admin to define the following: - Business hours range (for example 06:00 to 18:00) - % of throttle for foreground traffic during business hours - % of throttle for foreground traffic outside of business hours + - - - - - - +
+ **DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** @@ -1256,6 +1259,7 @@ This policy allows an IT Admin to define the following: Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. + This policy allows an IT Admin to define the following: @@ -1263,13 +1267,8 @@ This policy allows an IT Admin to define the following: - Business hours range (for example 06:00 to 18:00) - % of throttle for foreground traffic during business hours - % of throttle for foreground traffic outside of business hours + - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 048304c12e..bf93aa8e5e 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Desktop @@ -24,7 +24,9 @@ ms.date: 11/01/2017 +
+ **Desktop/PreventUserRedirectionOfProfileFolders** diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 4b9ab87704..7a77348d53 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - DeviceGuard @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **DeviceGuard/EnableVirtualizationBasedSecurity** @@ -67,7 +69,6 @@ ms.date: 12/14/2017 -  Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. @@ -79,7 +80,9 @@ The following list shows the supported values: +
+ **DeviceGuard/LsaCfgFlags** @@ -116,7 +119,6 @@ The following list shows the supported values: -  Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. @@ -129,7 +131,9 @@ The following list shows the supported values: +
+ **DeviceGuard/RequirePlatformSecurityFeatures** @@ -167,8 +171,6 @@ The following list shows the supported values: Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. -  - diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 7e7740810a..efc8a18433 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - DeviceInstallation @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **DeviceInstallation/PreventInstallationOfMatchingDeviceIDs** @@ -87,7 +89,9 @@ ADMX Info: +
+ **DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 9d4a67b93c..963e8714e8 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/12/2018 +ms.date: 01/29/2018 --- # Policy CSP - DeviceLock @@ -74,7 +74,9 @@ ms.date: 01/12/2018 +
+ **DeviceLock/AllowIdleReturnWithoutPassword** @@ -129,7 +131,9 @@ The following list shows the supported values: +
+ **DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** @@ -186,7 +190,9 @@ The following list shows the supported values: +
+ **DeviceLock/AllowSimpleDevicePassword** @@ -238,7 +244,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/AlphanumericDevicePasswordRequired** @@ -294,11 +302,11 @@ The following list shows the supported values: > > If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2. -  - +
+ **DeviceLock/DevicePasswordEnabled** @@ -384,7 +392,9 @@ The following list shows the supported values: +
+ **DeviceLock/DevicePasswordExpiration** @@ -438,7 +448,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/DevicePasswordHistory** @@ -494,7 +506,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/EnforceLockScreenAndLogonImage** @@ -541,7 +555,9 @@ Value type is a string, which is the full image filepath and filename. +
+ **DeviceLock/EnforceLockScreenProvider** @@ -588,7 +604,9 @@ Value type is a string, which is the AppID. +
+ **DeviceLock/MaxDevicePasswordFailedAttempts** @@ -649,7 +667,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MaxInactivityTimeDeviceLock** @@ -701,7 +721,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay** @@ -751,7 +773,9 @@ The following list shows the supported values: +
+ **DeviceLock/MinDevicePasswordComplexCharacters** @@ -863,7 +887,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MinDevicePasswordLength** @@ -920,7 +946,9 @@ For additional information about this policy, see [Exchange ActiveSync Policy En +
+ **DeviceLock/MinimumPasswordAge** @@ -964,17 +992,10 @@ The minimum password age must be less than the Maximum password age, unless the Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. - - - - - - - - - +
+ **DeviceLock/PreventLockScreenSlideShow** @@ -1034,7 +1055,9 @@ ADMX Info: +
+ **DeviceLock/ScreenTimeoutWhileLocked** diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 2f510c687c..278ae2808f 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Display @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **Display/TurnOffGdiDPIScalingForApps** @@ -81,7 +83,9 @@ To validate on Desktop, do the following: +
+ **Display/TurnOnGdiDPIScalingForApps** diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 0b37a6b5c5..ed70c0cb02 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Education @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **Education/DefaultPrinterName** @@ -73,7 +75,9 @@ The policy value is expected to be the name (network host name) of an installed +
+ **Education/PreventAddingNewPrinters** @@ -121,7 +125,9 @@ The following list shows the supported values: +
+ **Education/PrinterNames** diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index a53e00425b..1a432f3397 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - EnterpriseCloudPrint @@ -39,7 +39,9 @@ ms.date: 11/01/2017 +
+ **EnterpriseCloudPrint/CloudPrintOAuthAuthority** @@ -84,7 +86,9 @@ The default value is an empty string. Otherwise, the value should contain the UR +
+ **EnterpriseCloudPrint/CloudPrintOAuthClientId** @@ -129,7 +133,9 @@ The default value is an empty string. Otherwise, the value should contain a GUID +
+ **EnterpriseCloudPrint/CloudPrintResourceId** @@ -174,7 +180,9 @@ The default value is an empty string. Otherwise, the value should contain a URL. +
+ **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** @@ -219,7 +227,9 @@ The default value is an empty string. Otherwise, the value should contain the UR +
+ **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** @@ -264,7 +274,9 @@ For Windows Mobile, the default value is 20. +
+ **EnterpriseCloudPrint/MopriaDiscoveryResourceId** diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 67f7bd2d6a..71b4c992f1 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - ErrorReporting @@ -36,7 +36,9 @@ ms.date: 11/01/2017 +
+ **ErrorReporting/CustomizeConsentSettings** @@ -106,7 +108,9 @@ ADMX Info: +
+ **ErrorReporting/DisableWindowsErrorReporting** @@ -166,7 +170,9 @@ ADMX Info: +
+ **ErrorReporting/DisplayErrorNotification** @@ -230,7 +236,9 @@ ADMX Info: +
+ **ErrorReporting/DoNotSendAdditionalData** @@ -290,7 +298,9 @@ ADMX Info: +
+ **ErrorReporting/PreventCriticalErrorDisplay** diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index ea5746021f..c98738d293 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - EventLogService @@ -33,7 +33,9 @@ ms.date: 11/01/2017 +
+ **EventLogService/ControlEventLogBehavior** @@ -95,7 +97,9 @@ ADMX Info: +
+ **EventLogService/SpecifyMaximumFileSizeApplicationLog** @@ -155,7 +159,9 @@ ADMX Info: +
+ **EventLogService/SpecifyMaximumFileSizeSecurityLog** @@ -215,7 +221,9 @@ ADMX Info: +
+ **EventLogService/SpecifyMaximumFileSizeSystemLog** diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index cb04d76f6a..c8aaf83293 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - Experience @@ -86,7 +86,9 @@ ms.date: 12/19/2017 +
+ **Experience/AllowCopyPaste** @@ -139,7 +141,9 @@ The following list shows the supported values: +
+ **Experience/AllowCortana** @@ -189,7 +193,9 @@ The following list shows the supported values: +
+ **Experience/AllowDeviceDiscovery** @@ -241,7 +247,9 @@ The following list shows the supported values: +
+ **Experience/AllowFindMyDevice** @@ -293,7 +301,9 @@ The following list shows the supported values: +
+ **Experience/AllowManualMDMUnenrollment** @@ -347,7 +357,9 @@ The following list shows the supported values: +
+ **Experience/AllowSIMErrorDialogPromptWhenNoSIM** @@ -399,15 +411,20 @@ The following list shows the supported values: +
+ **Experience/AllowSaveAsOfOfficeFiles** This policy is deprecated. + +
+ **Experience/AllowScreenCapture** @@ -461,15 +478,20 @@ The following list shows the supported values: +
+ **Experience/AllowSharingOfOfficeFiles** This policy is deprecated. + +
+ **Experience/AllowSyncMySettings** @@ -517,7 +539,9 @@ The following list shows the supported values: +
+ **Experience/AllowTailoredExperiencesWithDiagnosticData** @@ -574,7 +598,9 @@ The following list shows the supported values: +
+ **Experience/AllowTaskSwitcher** @@ -626,7 +652,9 @@ The following list shows the supported values: +
+ **Experience/AllowThirdPartySuggestionsInWindowsSpotlight** @@ -678,7 +706,9 @@ The following list shows the supported values: +
+ **Experience/AllowVoiceRecording** @@ -732,7 +762,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsConsumerFeatures** @@ -786,7 +818,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsSpotlight** @@ -840,7 +874,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsSpotlightOnActionCenter** @@ -893,7 +929,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** @@ -947,7 +985,9 @@ The following list shows the supported values: +
+ **Experience/AllowWindowsTips** @@ -995,7 +1035,9 @@ The following list shows the supported values: +
+ **Experience/ConfigureWindowsSpotlightOnLockScreen** @@ -1046,7 +1088,9 @@ The following list shows the supported values: +
+ **Experience/DoNotShowFeedbackNotifications** diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index 7c42eba692..c5da5ddb2d 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - ExploitGuard @@ -24,7 +24,9 @@ ms.date: 11/01/2017 +
+ **ExploitGuard/ExploitProtectionSettings** diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 86a2dccbac..d0db2bf70f 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Games @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Games/AllowAdvancedGamingServices** diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 6806de6ebf..98cb777d45 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Handwriting @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Handwriting/PanelDefaultModeDocked** @@ -67,7 +69,7 @@ The handwriting panel has 2 modes - floats near the text box, or docked to the b In floating mode, the content is hidden behind a flying-in panel and results in end-user dissatisfaction. The end-user will need to drag the flying-in panel to see the rest of the content. In the fixed mode, the flying-in panel is fixed to the bottom of the screen and does not require any user interaction. -The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. +The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 88e6a352f7..8eb6808dbe 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - InternetExplorer @@ -750,7 +750,9 @@ ms.date: 11/01/2017 +
+ **InternetExplorer/AddSearchProvider** @@ -811,7 +813,9 @@ ADMX Info: +
+ **InternetExplorer/AllowActiveXFiltering** @@ -872,7 +876,9 @@ ADMX Info: +
+ **InternetExplorer/AllowAddOnList** @@ -939,7 +945,9 @@ ADMX Info: +
+ **InternetExplorer/AllowAutoComplete** @@ -976,6 +984,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -993,7 +1002,9 @@ ADMX Info: +
+ **InternetExplorer/AllowCertificateAddressMismatchWarning** @@ -1031,6 +1042,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1048,7 +1060,9 @@ ADMX Info: +
+ **InternetExplorer/AllowDeletingBrowsingHistoryOnExit** @@ -1086,6 +1100,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1103,7 +1118,9 @@ ADMX Info: +
+ **InternetExplorer/AllowEnhancedProtectedMode** @@ -1166,7 +1183,9 @@ ADMX Info: +
+ **InternetExplorer/AllowEnterpriseModeFromToolsMenu** @@ -1227,7 +1246,9 @@ ADMX Info: +
+ **InternetExplorer/AllowEnterpriseModeSiteList** @@ -1288,7 +1309,9 @@ ADMX Info: +
+ **InternetExplorer/AllowFallbackToSSL3** @@ -1325,6 +1348,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1342,7 +1366,9 @@ ADMX Info: +
+ **InternetExplorer/AllowInternetExplorer7PolicyList** @@ -1403,7 +1429,9 @@ ADMX Info: +
+ **InternetExplorer/AllowInternetExplorerStandardsMode** @@ -1466,7 +1494,9 @@ ADMX Info: +
+ **InternetExplorer/AllowInternetZoneTemplate** @@ -1533,7 +1563,9 @@ ADMX Info: +
+ **InternetExplorer/AllowIntranetZoneTemplate** @@ -1600,7 +1632,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLocalMachineZoneTemplate** @@ -1667,7 +1701,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownInternetZoneTemplate** @@ -1734,7 +1770,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownIntranetZoneTemplate** @@ -1801,7 +1839,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** @@ -1868,7 +1908,9 @@ ADMX Info: +
+ **InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** @@ -1935,7 +1977,9 @@ ADMX Info: +
+ **InternetExplorer/AllowOneWordEntry** @@ -1996,7 +2040,9 @@ ADMX Info: +
+ **InternetExplorer/AllowSiteToZoneAssignmentList** @@ -2063,7 +2109,9 @@ ADMX Info: +
+ **InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** @@ -2101,6 +2149,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2118,7 +2167,9 @@ ADMX Info: +
+ **InternetExplorer/AllowSuggestedSites** @@ -2181,7 +2232,9 @@ ADMX Info: +
+ **InternetExplorer/AllowTrustedSitesZoneTemplate** @@ -2248,7 +2301,9 @@ ADMX Info: +
+ **InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** @@ -2315,7 +2370,9 @@ ADMX Info: +
+ **InternetExplorer/AllowsRestrictedSitesZoneTemplate** @@ -2382,7 +2439,9 @@ ADMX Info: +
+ **InternetExplorer/CheckServerCertificateRevocation** @@ -2420,6 +2479,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2437,7 +2497,9 @@ ADMX Info: +
+ **InternetExplorer/CheckSignaturesOnDownloadedPrograms** @@ -2475,6 +2537,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2492,7 +2555,9 @@ ADMX Info: +
+ **InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** @@ -2530,6 +2595,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2547,7 +2613,9 @@ ADMX Info: +
+ **InternetExplorer/DisableAdobeFlash** @@ -2610,7 +2678,9 @@ ADMX Info: +
+ **InternetExplorer/DisableBypassOfSmartScreenWarnings** @@ -2671,7 +2741,9 @@ ADMX Info: +
+ **InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** @@ -2732,7 +2804,9 @@ ADMX Info: +
+ **InternetExplorer/DisableConfiguringHistory** @@ -2770,6 +2844,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2787,7 +2862,9 @@ ADMX Info: +
+ **InternetExplorer/DisableCrashDetection** @@ -2825,6 +2902,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2842,7 +2920,9 @@ ADMX Info: +
+ **InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** @@ -2905,7 +2985,9 @@ ADMX Info: +
+ **InternetExplorer/DisableDeletingUserVisitedWebsites** @@ -2943,6 +3025,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2960,7 +3043,9 @@ ADMX Info: +
+ **InternetExplorer/DisableEnclosureDownloading** @@ -3021,7 +3106,9 @@ ADMX Info: +
+ **InternetExplorer/DisableEncryptionSupport** @@ -3084,7 +3171,9 @@ ADMX Info: +
+ **InternetExplorer/DisableFirstRunWizard** @@ -3149,7 +3238,9 @@ ADMX Info: +
+ **InternetExplorer/DisableFlipAheadFeature** @@ -3214,7 +3305,9 @@ ADMX Info: +
+ **InternetExplorer/DisableHomePageChange** @@ -3274,7 +3367,9 @@ ADMX Info: +
+ **InternetExplorer/DisableIgnoringCertificateErrors** @@ -3312,6 +3407,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3329,7 +3425,9 @@ ADMX Info: +
+ **InternetExplorer/DisableInPrivateBrowsing** @@ -3367,6 +3465,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3384,7 +3483,9 @@ ADMX Info: +
+ **InternetExplorer/DisableProcessesInEnhancedProtectedMode** @@ -3422,6 +3523,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3439,7 +3541,9 @@ ADMX Info: +
+ **InternetExplorer/DisableProxyChange** @@ -3500,7 +3604,9 @@ ADMX Info: +
+ **InternetExplorer/DisableSearchProviderChange** @@ -3561,7 +3667,9 @@ ADMX Info: +
+ **InternetExplorer/DisableSecondaryHomePageChange** @@ -3624,7 +3732,9 @@ ADMX Info: +
+ **InternetExplorer/DisableSecuritySettingsCheck** @@ -3662,6 +3772,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3679,7 +3790,9 @@ ADMX Info: +
+ **InternetExplorer/DisableUpdateCheck** @@ -3741,7 +3854,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** @@ -3779,6 +3894,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3796,7 +3912,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotAllowUsersToAddSites** @@ -3862,7 +3980,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotAllowUsersToChangePolicies** @@ -3928,7 +4048,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotBlockOutdatedActiveXControls** @@ -3991,7 +4113,9 @@ ADMX Info: +
+ **InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** @@ -4058,7 +4182,9 @@ ADMX Info: +
+ **InternetExplorer/IncludeAllLocalSites** @@ -4121,7 +4247,9 @@ ADMX Info: +
+ **InternetExplorer/IncludeAllNetworkPaths** @@ -4184,7 +4312,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowAccessToDataSources** @@ -4247,7 +4377,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** @@ -4310,7 +4442,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** @@ -4371,7 +4505,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowCopyPasteViaScript** @@ -4409,6 +4545,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4426,7 +4563,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** @@ -4464,6 +4603,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4481,7 +4621,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowFontDownloads** @@ -4544,7 +4686,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowLessPrivilegedSites** @@ -4607,7 +4751,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** @@ -4645,6 +4791,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4662,7 +4809,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** @@ -4725,7 +4874,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -4763,6 +4914,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4780,7 +4932,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -4818,6 +4972,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4835,7 +4990,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowScriptInitiatedWindows** @@ -4873,6 +5030,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4890,7 +5048,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -4928,6 +5088,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4945,7 +5106,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowScriptlets** @@ -5008,7 +5171,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowSmartScreenIE** @@ -5073,7 +5238,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** @@ -5111,6 +5278,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5128,7 +5296,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneAllowUserDataPersistence** @@ -5191,7 +5361,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -5229,6 +5401,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5246,7 +5419,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneDownloadSignedActiveXControls** @@ -5284,6 +5459,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5301,7 +5477,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** @@ -5339,6 +5517,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5356,7 +5535,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** @@ -5394,6 +5575,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5411,7 +5593,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -5449,6 +5633,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5466,7 +5651,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -5504,6 +5691,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5521,7 +5709,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableMIMESniffing** @@ -5559,6 +5749,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5576,7 +5767,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneEnableProtectedMode** @@ -5614,6 +5807,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5631,7 +5825,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -5669,6 +5865,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5686,7 +5883,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** @@ -5751,7 +5950,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** @@ -5779,9 +5980,12 @@ ADMX Info: + +
+ **InternetExplorer/InternetZoneJavaPermissions** @@ -5819,6 +6023,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5836,7 +6041,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** @@ -5874,6 +6081,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5891,7 +6099,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneLogonOptions** @@ -5929,6 +6139,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5946,7 +6157,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneNavigateWindowsAndFrames** @@ -6009,7 +6222,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -6047,6 +6262,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6064,7 +6280,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -6102,6 +6320,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6119,7 +6338,9 @@ ADMX Info: +
+ **InternetExplorer/InternetZoneUsePopupBlocker** @@ -6157,6 +6378,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6174,7 +6396,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowAccessToDataSources** @@ -6237,7 +6461,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -6300,7 +6526,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -6361,7 +6589,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowFontDownloads** @@ -6424,7 +6654,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowLessPrivilegedSites** @@ -6487,7 +6719,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** @@ -6550,7 +6784,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowScriptlets** @@ -6613,7 +6849,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowSmartScreenIE** @@ -6678,7 +6916,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneAllowUserDataPersistence** @@ -6741,7 +6981,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -6779,6 +7021,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6796,7 +7039,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** @@ -6861,7 +7106,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneJavaPermissions** @@ -6899,6 +7146,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6916,7 +7164,9 @@ ADMX Info: +
+ **InternetExplorer/IntranetZoneNavigateWindowsAndFrames** @@ -6979,7 +7229,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowAccessToDataSources** @@ -7042,7 +7294,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -7105,7 +7359,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -7166,7 +7422,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowFontDownloads** @@ -7229,7 +7487,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** @@ -7292,7 +7552,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** @@ -7355,7 +7617,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowScriptlets** @@ -7418,7 +7682,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowSmartScreenIE** @@ -7483,7 +7749,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneAllowUserDataPersistence** @@ -7546,7 +7814,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -7584,6 +7854,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7601,7 +7872,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** @@ -7666,7 +7939,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneJavaPermissions** @@ -7704,6 +7979,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7721,7 +7997,9 @@ ADMX Info: +
+ **InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** @@ -7784,7 +8062,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** @@ -7847,7 +8127,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** @@ -7910,7 +8192,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** @@ -7971,7 +8255,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowFontDownloads** @@ -8034,7 +8320,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** @@ -8097,7 +8385,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** @@ -8160,7 +8450,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowScriptlets** @@ -8223,7 +8515,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** @@ -8288,7 +8582,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** @@ -8351,7 +8647,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** @@ -8416,7 +8714,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneJavaPermissions** @@ -8454,6 +8754,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8471,7 +8772,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** @@ -8534,7 +8837,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** @@ -8597,7 +8902,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** @@ -8660,7 +8967,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** @@ -8721,7 +9030,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** @@ -8784,7 +9095,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** @@ -8847,7 +9160,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** @@ -8910,7 +9225,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowScriptlets** @@ -8973,7 +9290,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** @@ -9038,7 +9357,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** @@ -9101,7 +9422,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** @@ -9166,7 +9489,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** @@ -9229,7 +9554,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** @@ -9292,7 +9619,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** @@ -9355,7 +9684,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** @@ -9416,7 +9747,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** @@ -9479,7 +9812,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** @@ -9542,7 +9877,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** @@ -9605,7 +9942,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** @@ -9668,7 +10007,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** @@ -9733,7 +10074,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** @@ -9796,7 +10139,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** @@ -9861,7 +10206,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** @@ -9899,6 +10246,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9916,7 +10264,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** @@ -9979,7 +10329,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** @@ -10042,7 +10394,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -10105,7 +10459,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -10166,7 +10522,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** @@ -10229,7 +10587,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** @@ -10292,7 +10652,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -10355,7 +10717,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** @@ -10418,7 +10782,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** @@ -10483,7 +10849,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** @@ -10546,7 +10914,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -10611,7 +10981,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** @@ -10649,6 +11021,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10666,7 +11039,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** @@ -10729,7 +11104,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** @@ -10792,7 +11169,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -10855,7 +11234,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -10916,7 +11297,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** @@ -10979,7 +11362,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** @@ -11042,7 +11427,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -11105,7 +11492,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** @@ -11168,7 +11557,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** @@ -11233,7 +11624,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** @@ -11296,7 +11689,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** @@ -11361,7 +11756,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** @@ -11399,6 +11796,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11416,7 +11814,9 @@ ADMX Info: +
+ **InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** @@ -11479,7 +11879,9 @@ ADMX Info: +
+ **InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** @@ -11517,6 +11919,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11534,7 +11937,9 @@ ADMX Info: +
+ **InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** @@ -11572,6 +11977,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11589,7 +11995,9 @@ ADMX Info: +
+ **InternetExplorer/NotificationBarInternetExplorerProcesses** @@ -11627,6 +12035,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11644,7 +12053,9 @@ ADMX Info: +
+ **InternetExplorer/PreventManagingSmartScreenFilter** @@ -11682,6 +12093,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11699,7 +12111,9 @@ ADMX Info: +
+ **InternetExplorer/PreventPerUserInstallationOfActiveXControls** @@ -11737,6 +12151,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11754,7 +12169,9 @@ ADMX Info: +
+ **InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** @@ -11792,6 +12209,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11809,7 +12227,9 @@ ADMX Info: +
+ **InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** @@ -11847,6 +12267,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11864,7 +12285,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** @@ -11902,6 +12325,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11919,7 +12343,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** @@ -11957,6 +12383,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11974,7 +12401,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** @@ -12037,7 +12466,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowActiveScripting** @@ -12075,6 +12506,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12092,7 +12524,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -12155,7 +12589,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -12216,7 +12652,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** @@ -12254,6 +12692,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12271,7 +12710,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** @@ -12309,6 +12750,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12326,7 +12768,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** @@ -12364,6 +12808,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12381,7 +12826,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowFileDownloads** @@ -12419,6 +12866,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12436,7 +12884,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowFontDownloads** @@ -12499,7 +12949,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** @@ -12562,7 +13014,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** @@ -12600,6 +13054,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12617,7 +13072,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** @@ -12655,6 +13112,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12672,7 +13130,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** @@ -12735,7 +13195,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** @@ -12773,6 +13235,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12790,7 +13253,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** @@ -12828,6 +13293,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12845,7 +13311,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** @@ -12883,6 +13351,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12900,7 +13369,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** @@ -12938,6 +13409,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12955,7 +13427,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowScriptlets** @@ -13018,7 +13492,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** @@ -13083,7 +13559,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** @@ -13121,6 +13599,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13138,7 +13617,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** @@ -13201,7 +13682,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -13239,6 +13722,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13256,7 +13740,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** @@ -13294,6 +13780,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13311,7 +13798,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** @@ -13349,6 +13838,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13366,7 +13856,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** @@ -13404,6 +13896,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13421,7 +13914,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** @@ -13459,6 +13954,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13476,7 +13972,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** @@ -13514,6 +14012,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13531,7 +14030,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** @@ -13569,6 +14070,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13586,7 +14088,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** @@ -13624,6 +14128,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13641,7 +14146,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** @@ -13706,7 +14213,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneJavaPermissions** @@ -13744,6 +14253,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13761,7 +14271,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** @@ -13799,6 +14311,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13816,7 +14329,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneLogonOptions** @@ -13854,6 +14369,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13871,7 +14387,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** @@ -13934,7 +14452,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** @@ -13972,6 +14492,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13989,7 +14510,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** @@ -14027,6 +14550,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14044,7 +14568,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** @@ -14082,6 +14608,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14099,7 +14626,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** @@ -14137,6 +14666,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14154,7 +14684,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** @@ -14192,6 +14724,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14209,7 +14742,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** @@ -14247,6 +14782,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14264,7 +14800,9 @@ ADMX Info: +
+ **InternetExplorer/RestrictedSitesZoneUsePopupBlocker** @@ -14302,6 +14840,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14319,7 +14858,9 @@ ADMX Info: +
+ **InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** @@ -14357,6 +14898,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14374,7 +14916,9 @@ ADMX Info: +
+ **InternetExplorer/SearchProviderList** @@ -14435,7 +14979,9 @@ ADMX Info: +
+ **InternetExplorer/SecurityZonesUseOnlyMachineSettings** @@ -14472,6 +15018,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14489,7 +15036,9 @@ ADMX Info: +
+ **InternetExplorer/SpecifyUseOfActiveXInstallerService** @@ -14527,6 +15076,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14544,7 +15094,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** @@ -14607,7 +15159,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** @@ -14670,7 +15224,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** @@ -14731,7 +15287,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowFontDownloads** @@ -14794,7 +15352,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** @@ -14857,7 +15417,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** @@ -14920,7 +15482,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowScriptlets** @@ -14983,7 +15547,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** @@ -15048,7 +15614,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** @@ -15111,7 +15679,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** @@ -15149,6 +15719,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15166,7 +15737,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** @@ -15231,7 +15804,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneJavaPermissions** @@ -15269,6 +15844,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15286,7 +15862,9 @@ ADMX Info: +
+ **InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 43b40603af..322d3801c4 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Kerberos @@ -36,7 +36,9 @@ ms.date: 11/01/2017 +
+ **Kerberos/AllowForestSearchOrder** @@ -96,7 +98,9 @@ ADMX Info: +
+ **Kerberos/KerberosClientSupportsClaimsCompoundArmor** @@ -155,7 +159,9 @@ ADMX Info: +
+ **Kerberos/RequireKerberosArmoring** @@ -219,7 +225,9 @@ ADMX Info: +
+ **Kerberos/RequireStrictKDCValidation** @@ -279,7 +287,9 @@ ADMX Info: +
+ **Kerberos/SetMaximumContextTokenSize** diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index ab4e33bba0..3384e28b77 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - KioskBrowser @@ -41,7 +41,9 @@ ms.date: 01/03/2018 +
+ **KioskBrowser/BlockedUrlExceptions** @@ -82,17 +84,10 @@ ms.date: 01/03/2018 Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. - - - - - - - - - +
+ **KioskBrowser/BlockedUrls** @@ -133,17 +128,10 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. - - - - - - - - - +
+ **KioskBrowser/DefaultURL** @@ -184,17 +172,10 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart. - - - - - - - - - +
+ **KioskBrowser/EnableHomeButton** @@ -235,17 +216,10 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser Added in Windows 10, next major update. Enable/disable kiosk browser's home button. - - - - - - - - - +
+ **KioskBrowser/EnableNavigationButtons** @@ -286,17 +260,10 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back). - - - - - - - - - +
+ **KioskBrowser/RestartOnIdleTime** @@ -339,15 +306,6 @@ Added in Windows 10, next major update. Amount of time in minutes the session is The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 58a2418bf7..6d5197aac8 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Licensing @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **Licensing/AllowWindowsEntitlementReactivation** @@ -75,7 +77,9 @@ The following list shows the supported values: +
+ **Licensing/DisallowKMSClientOnlineAVSValidation** diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 5ef2395ae6..5bd76c04ea 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/29/2017 +ms.date: 01/29/2018 --- # Policy CSP - LocalPoliciesSecurityOptions @@ -188,7 +188,9 @@ ms.date: 12/29/2017 +
+ **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** @@ -244,7 +246,9 @@ The following list shows the supported values: +
+ **LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** @@ -297,7 +301,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** @@ -347,7 +353,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** @@ -405,7 +413,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** @@ -452,7 +462,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** @@ -499,7 +511,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** @@ -546,17 +560,10 @@ Caution: Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** @@ -603,17 +610,10 @@ This security setting determines who is allowed to format and eject removable NT Default: This policy is not defined and only Administrators have this ability. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** @@ -662,17 +662,10 @@ Note This setting does not affect the ability to add a local printer. This setting does not affect Administrators. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** @@ -718,17 +711,10 @@ If this policy is enabled, it allows only the interactively logged-on user to ac Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways** @@ -785,17 +771,10 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible** @@ -849,17 +828,10 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible** @@ -907,17 +879,10 @@ This setting determines whether or not the domain member attempts to negotiate s Default: Enabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges** @@ -966,17 +931,10 @@ This security setting should not be enabled. Computer account passwords are used This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge** @@ -1024,17 +982,10 @@ Important This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey** @@ -1093,17 +1044,10 @@ In order to take advantage of this policy on member workstations and servers, al In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** @@ -1151,7 +1095,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** @@ -1204,7 +1150,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** @@ -1258,7 +1206,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** @@ -1313,7 +1263,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** @@ -1363,7 +1315,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** @@ -1412,7 +1366,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** @@ -1459,7 +1415,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** @@ -1520,17 +1478,10 @@ Default: This policy is not defined, which means that the system treats it as No On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** @@ -1592,17 +1543,10 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** @@ -1661,17 +1605,10 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** @@ -1717,17 +1654,10 @@ Sending unencrypted passwords is a security risk. Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** @@ -1775,17 +1705,10 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** @@ -1856,17 +1779,10 @@ HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecurity For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** @@ -1929,17 +1845,10 @@ SMB packet signing can significantly degrade SMB performance, depending on diale For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** @@ -1995,17 +1904,10 @@ Important This policy has no impact on domain controllers. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** @@ -2051,17 +1953,10 @@ Windows allows anonymous users to perform certain activities, such as enumeratin Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers** @@ -2109,17 +2004,10 @@ If this policy is enabled, the Everyone SID is added to the token that is create Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** @@ -2165,17 +2053,10 @@ Network access: Shares that can be accessed anonymously Default: Enabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** @@ -2221,17 +2102,10 @@ If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** @@ -2285,17 +2159,10 @@ This policy is supported on at least Windows Vista or Windows Server 2008. Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** @@ -2344,7 +2211,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** @@ -2395,17 +2264,10 @@ Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authenticat This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** @@ -2471,17 +2333,10 @@ Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** @@ -2532,17 +2387,10 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** @@ -2593,17 +2441,10 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** @@ -2644,7 +2485,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** @@ -2699,7 +2542,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** @@ -2747,17 +2592,10 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl Default: Disabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems** @@ -2803,17 +2641,10 @@ If this setting is enabled, case insensitivity is enforced for all directory obj Default: Enabled. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** @@ -2867,7 +2698,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** @@ -2926,7 +2759,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** @@ -2978,7 +2813,9 @@ The following list shows the supported values: +
+ **LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** @@ -3026,17 +2863,10 @@ Enabled: (Default) When an application installation package is detected that req Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** @@ -3085,7 +2915,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** @@ -3140,7 +2972,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** @@ -3190,7 +3024,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** @@ -3239,7 +3075,9 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. +
+ **LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** @@ -3287,17 +3125,10 @@ The options are: • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. - - - - - - - - - +
+ **LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index bc22abef7f..3863b5f6b1 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Location @@ -24,7 +24,9 @@ ms.date: 11/01/2017 +
+ **Location/EnableLocation** diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index af9df333ee..e5f5ea3c9f 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - LockDown @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **LockDown/AllowEdgeSwipe** diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 06b6844b22..31f6725776 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Maps @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **Maps/AllowOfflineMapsDownloadOverMeteredConnection** @@ -78,7 +80,9 @@ The following list shows the supported values: +
+ **Maps/EnableOfflineMapsAutoUpdate** diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index aa1c3698b6..9d52633f18 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Messaging @@ -30,7 +30,9 @@ ms.date: 11/01/2017 +
+ **Messaging/AllowMMS** @@ -79,7 +81,9 @@ The following list shows the supported values: +
+ **Messaging/AllowMessageSync** @@ -125,7 +129,9 @@ The following list shows the supported values: +
+ **Messaging/AllowRCS** diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 341511e93c..63b61350a9 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - NetworkIsolation @@ -45,7 +45,9 @@ ms.date: 11/01/2017 +
+ **NetworkIsolation/EnterpriseCloudResources** @@ -86,7 +88,9 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to +
+ **NetworkIsolation/EnterpriseIPRange** @@ -140,7 +144,9 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +
+ **NetworkIsolation/EnterpriseIPRangesAreAuthoritative** @@ -181,7 +187,9 @@ Boolean value that tells the client to accept the configured list and not to use +
+ **NetworkIsolation/EnterpriseInternalProxyServers** @@ -222,7 +230,9 @@ This is the comma-separated list of internal proxy servers. For example "157.54. +
+ **NetworkIsolation/EnterpriseNetworkDomainNames** @@ -273,7 +283,9 @@ Here are the steps to create canonical domain names: +
+ **NetworkIsolation/EnterpriseProxyServers** @@ -314,7 +326,9 @@ This is a comma-separated list of proxy servers. Any server on this list is cons +
+ **NetworkIsolation/EnterpriseProxyServersAreAuthoritative** @@ -355,7 +369,9 @@ Boolean value that tells the client to accept the configured list of proxies and +
+ **NetworkIsolation/NeutralResources** diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index f5d74704a5..3086806c49 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Notifications @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Notifications/DisallowNotificationMirroring** diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index e4ff5000c9..ac601b4c93 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Power @@ -48,7 +48,9 @@ ms.date: 11/01/2017 +
+ **Power/AllowStandbyWhenSleepingPluggedIn** @@ -108,7 +110,9 @@ ADMX Info: +
+ **Power/DisplayOffTimeoutOnBattery** @@ -170,7 +174,9 @@ ADMX Info: +
+ **Power/DisplayOffTimeoutPluggedIn** @@ -232,7 +238,9 @@ ADMX Info: +
+ **Power/HibernateTimeoutOnBattery** @@ -295,7 +303,9 @@ ADMX Info: +
+ **Power/HibernateTimeoutPluggedIn** @@ -357,7 +367,9 @@ ADMX Info: +
+ **Power/RequirePasswordWhenComputerWakesOnBattery** @@ -417,7 +429,9 @@ ADMX Info: +
+ **Power/RequirePasswordWhenComputerWakesPluggedIn** @@ -477,7 +491,9 @@ ADMX Info: +
+ **Power/StandbyTimeoutOnBattery** @@ -539,7 +555,9 @@ ADMX Info: +
+ **Power/StandbyTimeoutPluggedIn** diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index 8718ad65f0..dc79350f3f 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - Printers @@ -30,7 +30,9 @@ ms.date: 11/01/2017 +
+ **Printers/PointAndPrintRestrictions** @@ -103,7 +105,9 @@ ADMX Info: +
+ **Printers/PointAndPrintRestrictions_User** @@ -176,7 +180,9 @@ ADMX Info: +
+ **Printers/PublishPrinters** diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 804f7611af..8cc054a89b 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Privacy @@ -252,7 +252,9 @@ ms.date: 12/14/2017 +
+ **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** @@ -306,7 +308,9 @@ The following list shows the supported values: +
+ **Privacy/AllowInputPersonalization** @@ -346,7 +350,6 @@ The following list shows the supported values: Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. Most restricted value is 0. -  @@ -355,10 +358,11 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
+ **Privacy/DisableAdvertisingId** @@ -409,7 +413,9 @@ The following list shows the supported values: +
+ **Privacy/EnableActivityFeed** @@ -457,7 +463,9 @@ The following list shows the supported values: +
+ **Privacy/LetAppsAccessAccountInfo** @@ -506,7 +514,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** @@ -547,7 +557,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** @@ -588,7 +600,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** @@ -629,7 +643,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCalendar** @@ -678,7 +694,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** @@ -719,7 +737,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** @@ -760,7 +780,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** @@ -801,7 +823,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCallHistory** @@ -850,7 +874,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** @@ -891,7 +917,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** @@ -932,7 +960,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** @@ -973,7 +1003,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCamera** @@ -1022,7 +1054,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessCamera_ForceAllowTheseApps** @@ -1063,7 +1097,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCamera_ForceDenyTheseApps** @@ -1104,7 +1140,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** @@ -1145,7 +1183,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessContacts** @@ -1194,7 +1234,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessContacts_ForceAllowTheseApps** @@ -1235,7 +1277,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessContacts_ForceDenyTheseApps** @@ -1276,7 +1320,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** @@ -1317,7 +1363,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessEmail** @@ -1366,7 +1414,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessEmail_ForceAllowTheseApps** @@ -1407,7 +1457,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessEmail_ForceDenyTheseApps** @@ -1448,7 +1500,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** @@ -1489,7 +1543,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessLocation** @@ -1538,7 +1594,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessLocation_ForceAllowTheseApps** @@ -1579,7 +1637,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessLocation_ForceDenyTheseApps** @@ -1620,7 +1680,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** @@ -1661,7 +1723,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMessaging** @@ -1710,7 +1774,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** @@ -1751,7 +1817,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** @@ -1792,7 +1860,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** @@ -1833,7 +1903,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMicrophone** @@ -1882,7 +1954,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** @@ -1923,7 +1997,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** @@ -1964,7 +2040,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** @@ -2005,7 +2083,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMotion** @@ -2054,7 +2134,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessMotion_ForceAllowTheseApps** @@ -2095,7 +2177,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMotion_ForceDenyTheseApps** @@ -2136,7 +2220,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** @@ -2177,7 +2263,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessNotifications** @@ -2226,7 +2314,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** @@ -2267,7 +2357,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** @@ -2308,7 +2400,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** @@ -2349,7 +2443,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessPhone** @@ -2398,7 +2494,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessPhone_ForceAllowTheseApps** @@ -2439,7 +2537,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessPhone_ForceDenyTheseApps** @@ -2480,7 +2580,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** @@ -2521,7 +2623,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessRadios** @@ -2570,7 +2674,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessRadios_ForceAllowTheseApps** @@ -2611,7 +2717,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessRadios_ForceDenyTheseApps** @@ -2652,7 +2760,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** @@ -2693,7 +2803,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessTasks** @@ -2734,7 +2846,9 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas +
+ **Privacy/LetAppsAccessTasks_ForceAllowTheseApps** @@ -2775,7 +2889,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N +
+ **Privacy/LetAppsAccessTasks_ForceDenyTheseApps** @@ -2816,7 +2932,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N +
+ **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** @@ -2857,7 +2975,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N +
+ **Privacy/LetAppsAccessTrustedDevices** @@ -2906,7 +3026,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** @@ -2947,7 +3069,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** @@ -2988,7 +3112,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** @@ -3029,7 +3155,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsGetDiagnosticInfo** @@ -3078,7 +3206,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** @@ -3119,7 +3249,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** @@ -3160,7 +3292,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** @@ -3201,7 +3335,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsRunInBackground** @@ -3252,7 +3388,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsRunInBackground_ForceAllowTheseApps** @@ -3293,7 +3431,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsRunInBackground_ForceDenyTheseApps** @@ -3334,7 +3474,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** @@ -3375,7 +3517,9 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsSyncWithDevices** @@ -3424,7 +3568,9 @@ Most restricted value is 2. +
+ **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** @@ -3465,7 +3611,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** @@ -3506,7 +3654,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** @@ -3547,7 +3697,9 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family +
+ **Privacy/PublishUserActivities** diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 29f29a7267..b0b51ab819 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteAssistance @@ -33,7 +33,9 @@ ms.date: 11/01/2017 +
+ **RemoteAssistance/CustomizeWarningMessages** @@ -99,7 +101,9 @@ ADMX Info: +
+ **RemoteAssistance/SessionLogging** @@ -161,7 +165,9 @@ ADMX Info: +
+ **RemoteAssistance/SolicitedRemoteAssistance** @@ -231,7 +237,9 @@ ADMX Info: +
+ **RemoteAssistance/UnsolicitedRemoteAssistance** diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index dc0834d71a..782ca41f12 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteDesktopServices @@ -39,7 +39,9 @@ ms.date: 11/01/2017 +
+ **RemoteDesktopServices/AllowUsersToConnectRemotely** @@ -105,7 +107,9 @@ ADMX Info: +
+ **RemoteDesktopServices/ClientConnectionEncryptionLevel** @@ -175,7 +179,9 @@ ADMX Info: +
+ **RemoteDesktopServices/DoNotAllowDriveRedirection** @@ -239,7 +245,9 @@ ADMX Info: +
+ **RemoteDesktopServices/DoNotAllowPasswordSaving** @@ -299,7 +307,9 @@ ADMX Info: +
+ **RemoteDesktopServices/PromptForPasswordUponConnection** @@ -365,7 +375,9 @@ ADMX Info: +
+ **RemoteDesktopServices/RequireSecureRPCCommunication** diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 315cac1258..176cd59211 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteManagement @@ -66,7 +66,9 @@ ms.date: 11/01/2017 +
+ **RemoteManagement/AllowBasicAuthentication_Client** @@ -103,6 +105,7 @@ ms.date: 11/01/2017 + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -120,7 +123,9 @@ ADMX Info: +
+ **RemoteManagement/AllowBasicAuthentication_Service** @@ -157,6 +162,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -174,7 +180,9 @@ ADMX Info: +
+ **RemoteManagement/AllowCredSSPAuthenticationClient** @@ -211,6 +219,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -228,7 +237,9 @@ ADMX Info: +
+ **RemoteManagement/AllowCredSSPAuthenticationService** @@ -265,6 +276,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -282,7 +294,9 @@ ADMX Info: +
+ **RemoteManagement/AllowRemoteServerManagement** @@ -319,6 +333,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -336,7 +351,9 @@ ADMX Info: +
+ **RemoteManagement/AllowUnencryptedTraffic_Client** @@ -373,6 +390,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -390,7 +408,9 @@ ADMX Info: +
+ **RemoteManagement/AllowUnencryptedTraffic_Service** @@ -427,6 +447,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -444,7 +465,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowDigestAuthentication** @@ -481,6 +504,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -498,7 +522,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowNegotiateAuthenticationClient** @@ -535,6 +561,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -552,7 +579,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowNegotiateAuthenticationService** @@ -589,6 +618,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -606,7 +636,9 @@ ADMX Info: +
+ **RemoteManagement/DisallowStoringOfRunAsCredentials** @@ -643,6 +675,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -660,7 +693,9 @@ ADMX Info: +
+ **RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** @@ -697,6 +732,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -714,7 +750,9 @@ ADMX Info: +
+ **RemoteManagement/TrustedHosts** @@ -751,6 +789,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -768,7 +807,9 @@ ADMX Info: +
+ **RemoteManagement/TurnOnCompatibilityHTTPListener** @@ -805,6 +846,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -822,7 +864,9 @@ ADMX Info: +
+ **RemoteManagement/TurnOnCompatibilityHTTPSListener** @@ -859,6 +903,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 1569a65e29..7f7c9c2e4d 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteProcedureCall @@ -27,7 +27,9 @@ ms.date: 11/01/2017 +
+ **RemoteProcedureCall/RPCEndpointMapperClientAuthentication** @@ -91,7 +93,9 @@ ADMX Info: +
+ **RemoteProcedureCall/RestrictUnauthenticatedRPCClients** diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index a9538c867b..3a66eb8677 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 11/01/2017 +ms.date: 01/29/2018 --- # Policy CSP - RemoteShell @@ -42,7 +42,9 @@ ms.date: 11/01/2017 +
+ **RemoteShell/AllowRemoteShellAccess** @@ -79,6 +81,7 @@ ms.date: 11/01/2017 + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -96,7 +99,9 @@ ADMX Info: +
+ **RemoteShell/MaxConcurrentUsers** @@ -133,6 +138,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -150,7 +156,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyIdleTimeout** @@ -187,6 +195,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -204,7 +213,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyMaxMemory** @@ -241,6 +252,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -258,7 +270,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyMaxProcesses** @@ -295,6 +309,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -312,7 +327,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyMaxRemoteShells** @@ -349,6 +366,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -366,7 +384,9 @@ ADMX Info: +
+ **RemoteShell/SpecifyShellTimeout** @@ -403,6 +423,7 @@ ADMX Info: + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index e5fca3da40..d992a30b6e 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/08/2018 +ms.date: 01/29/2018 --- # Policy CSP - Search @@ -65,7 +65,9 @@ ms.date: 01/08/2018 +
+ **Search/AllowCloudSearch** @@ -111,7 +113,9 @@ The following list shows the supported values: +
+ **Search/AllowCortanaInAAD** @@ -157,16 +161,11 @@ The following list shows the supported values: - 0 (default) - Not allowed. The Cortana consent page will not appear in AAD OOBE during setup. - 1 - Allowed. The Cortana consent page will appear in Azure AAD OOBE during setup. - - - - - - - +
+ **Search/AllowIndexingEncryptedStoresOrItems** @@ -220,7 +219,9 @@ The following list shows the supported values: +
+ **Search/AllowSearchToUseLocation** @@ -270,7 +271,9 @@ The following list shows the supported values: +
+ **Search/AllowStoringImagesFromVisionSearch** @@ -288,7 +291,9 @@ This policy has been deprecated. +
+ **Search/AllowUsingDiacritics** @@ -336,7 +341,9 @@ Most restricted value is 0. +
+ **Search/AllowWindowsIndexer** @@ -377,7 +384,9 @@ Allow Windows indexer. Value type is integer. +
+ **Search/AlwaysUseAutoLangDetection** @@ -425,7 +434,9 @@ Most restricted value is 0. +
+ **Search/DisableBackoff** @@ -471,7 +482,9 @@ The following list shows the supported values: +
+ **Search/DisableRemovableDriveIndexing** @@ -521,7 +534,9 @@ The following list shows the supported values: +
+ **Search/DoNotUseWebResults** @@ -573,14 +588,10 @@ The following list shows the supported values: - 1 (default) - Allowed. Queries will be performed on the web and web results will be displayed when a user performs a query in Search. - - - - - - +
+ **Search/PreventIndexingLowDiskSpaceMB** @@ -630,7 +641,9 @@ The following list shows the supported values: +
+ **Search/PreventRemoteQueries** @@ -676,7 +689,9 @@ The following list shows the supported values: +
+ **Search/SafeSearchPermissions** diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 7f23c593d7..7da2bfbe1c 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/16/2018 +ms.date: 01/29/2018 --- # Policy CSP - Security @@ -56,7 +56,9 @@ ms.date: 01/16/2018 +
+ **Security/AllowAddProvisioningPackage** @@ -104,7 +106,9 @@ The following list shows the supported values: +
+ **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -150,7 +154,9 @@ The following list shows the supported values: +
+ **Security/AllowManualRootCertificateInstallation** @@ -204,7 +210,9 @@ The following list shows the supported values: +
+ **Security/AllowRemoveProvisioningPackage** @@ -252,7 +260,9 @@ The following list shows the supported values: +
+ **Security/AntiTheftMode** @@ -304,7 +314,9 @@ The following list shows the supported values: +
+ **Security/ClearTPMIfNotReady** @@ -355,7 +367,9 @@ The following list shows the supported values: +
+ **Security/ConfigureWindowsPasswords** @@ -404,15 +418,12 @@ The following list shows the supported values: - 0 -Disallow passwords (Asymmetric credentials will be promoted to replace passwords on Windows features) - 1- Allow passwords (Passwords continue to be allowed to be used for Windows features) - 2- Default (Feature defaults as per SKU and device capabilities. Windows 10 S devices will exhibit "Disallow passwords" default, and all other devices will default to "Allow passwords") + - - - - - - +
+ **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** @@ -464,7 +475,9 @@ The following list shows the supported values: +
+ **Security/RequireDeviceEncryption** @@ -515,7 +528,9 @@ Most restricted value is 1. +
+ **Security/RequireProvisioningPackageSignature** @@ -561,7 +576,9 @@ The following list shows the supported values: +
+ **Security/RequireRetrieveHealthCertificateOnBoot** diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 614331c610..b21b911cc1 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - Settings @@ -65,7 +65,9 @@ ms.date: 12/19/2017 +
+ **Settings/AllowAutoPlay** @@ -120,7 +122,9 @@ The following list shows the supported values: +
+ **Settings/AllowDataSense** @@ -168,7 +172,9 @@ The following list shows the supported values: +
+ **Settings/AllowDateTime** @@ -216,7 +222,9 @@ The following list shows the supported values: +
+ **Settings/AllowEditDeviceName** @@ -264,7 +272,9 @@ The following list shows the supported values: +
+ **Settings/AllowLanguage** @@ -316,7 +326,9 @@ The following list shows the supported values: +
+ **Settings/AllowOnlineTips** @@ -356,18 +368,12 @@ The following list shows the supported values: Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. + - - - - - - - - - +
+ **Settings/AllowPowerSleep** @@ -419,7 +425,9 @@ The following list shows the supported values: +
+ **Settings/AllowRegion** @@ -471,7 +479,9 @@ The following list shows the supported values: +
+ **Settings/AllowSignInOptions** @@ -523,7 +533,9 @@ The following list shows the supported values: +
+ **Settings/AllowVPN** @@ -571,7 +583,9 @@ The following list shows the supported values: +
+ **Settings/AllowWorkplace** @@ -623,7 +637,9 @@ The following list shows the supported values: +
+ **Settings/AllowYourAccount** @@ -671,7 +687,9 @@ The following list shows the supported values: +
+ **Settings/ConfigureTaskbarCalendar** @@ -719,7 +737,9 @@ The following list shows the supported values: +
+ **Settings/PageVisibilityList** diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index f842311ff1..4aeb3007f6 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - SmartScreen @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **SmartScreen/EnableAppInstallControl** @@ -78,7 +80,9 @@ The following list shows the supported values: +
+ **SmartScreen/EnableSmartScreenInShell** @@ -126,7 +130,9 @@ The following list shows the supported values: +
+ **SmartScreen/PreventOverrideForFilesInShell** diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index ff34e8ec3b..eb15267764 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Speech @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **Speech/AllowSpeechModelUpdate** diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 4e4567d276..6dbef99ae1 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Start @@ -108,7 +108,9 @@ ms.date: 12/14/2017 +
+ **Start/AllowPinnedFolderDocuments** @@ -157,7 +159,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderDownloads** @@ -206,7 +210,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderFileExplorer** @@ -255,7 +261,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderHomeGroup** @@ -304,7 +312,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderMusic** @@ -353,7 +363,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderNetwork** @@ -402,7 +414,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderPersonalFolder** @@ -451,7 +465,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderPictures** @@ -500,7 +516,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderSettings** @@ -549,7 +567,9 @@ The following list shows the supported values: +
+ **Start/AllowPinnedFolderVideos** @@ -598,7 +618,9 @@ The following list shows the supported values: +
+ **Start/ForceStartSize** @@ -651,7 +673,9 @@ If there is policy configuration conflict, the latest configuration request is a +
+ **Start/HideAppList** @@ -712,7 +736,9 @@ To validate on Desktop, do the following: +
+ **Start/HideChangeAccountSettings** @@ -765,7 +791,9 @@ The following list shows the supported values: +
+ **Start/HideFrequentlyUsedApps** @@ -825,7 +853,9 @@ The following list shows the supported values: +
+ **Start/HideHibernate** @@ -881,7 +911,9 @@ The following list shows the supported values: +
+ **Start/HideLock** @@ -934,7 +966,9 @@ The following list shows the supported values: +
+ **Start/HidePeopleBar** @@ -977,7 +1011,9 @@ Value type is integer. +
+ **Start/HidePowerButton** @@ -1033,7 +1069,9 @@ The following list shows the supported values: +
+ **Start/HideRecentJumplists** @@ -1096,7 +1134,9 @@ The following list shows the supported values: +
+ **Start/HideRecentlyAddedApps** @@ -1156,7 +1196,9 @@ The following list shows the supported values: +
+ **Start/HideRestart** @@ -1209,7 +1251,9 @@ The following list shows the supported values: +
+ **Start/HideShutDown** @@ -1262,7 +1306,9 @@ The following list shows the supported values: +
+ **Start/HideSignOut** @@ -1315,7 +1361,9 @@ The following list shows the supported values: +
+ **Start/HideSleep** @@ -1368,7 +1416,9 @@ The following list shows the supported values: +
+ **Start/HideSwitchAccount** @@ -1421,7 +1471,9 @@ The following list shows the supported values: +
+ **Start/HideUserTile** @@ -1478,7 +1530,9 @@ The following list shows the supported values: +
+ **Start/ImportEdgeAssets** @@ -1534,7 +1588,9 @@ To validate on Desktop, do the following: +
+ **Start/NoPinningToTaskbar** @@ -1590,7 +1646,9 @@ The following list shows the supported values: +
+ **Start/StartLayout** diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 189436f4eb..a14fd22cb2 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/13/2017 +ms.date: 01/29/2018 --- # Policy CSP - Storage @@ -27,7 +27,9 @@ ms.date: 12/13/2017 +
+ **Storage/AllowDiskHealthModelUpdates** @@ -76,7 +78,9 @@ Value type is integer. +
+ **Storage/EnhancedStorageDevices** diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 2435e96fe0..e9d50d3359 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - System @@ -68,7 +68,9 @@ ms.date: 12/19/2017 +
+ **System/AllowBuildPreview** @@ -121,7 +123,9 @@ The following list shows the supported values: +
+ **System/AllowEmbeddedMode** @@ -171,7 +175,9 @@ The following list shows the supported values: +
+ **System/AllowExperimentation** @@ -223,7 +229,9 @@ Most restricted value is 0. +
+ **System/AllowFontProviders** @@ -284,7 +292,9 @@ To verify if System/AllowFontProviders is set to true: +
+ **System/AllowLocation** @@ -339,7 +349,9 @@ For example, an app's original Location setting is Off. The administrator then s +
+ **System/AllowStorageCard** @@ -389,7 +401,9 @@ The following list shows the supported values: +
+ **System/AllowTelemetry** @@ -506,7 +520,9 @@ Most restricted value is 0. +
+ **System/AllowUserToResetPhone** @@ -557,7 +573,9 @@ orted values: +
+ **System/BootStartDriverInitialization** @@ -611,7 +629,9 @@ ADMX Info: +
+ **System/DisableEnterpriseAuthProxy** @@ -651,11 +671,10 @@ ADMX Info: This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. - - - +
+ **System/DisableOneDriveFileSync** @@ -717,7 +736,9 @@ The following list shows the supported values: +
+ **System/DisableSystemRestore** @@ -783,7 +804,9 @@ ADMX Info: +
+ **System/FeedbackHubAlwaysSaveDiagnosticsLocally** @@ -795,6 +818,8 @@ ADMX Info: Business Enterprise Education + Mobile + Mobile Enterprise check mark4 @@ -802,6 +827,8 @@ ADMX Info: check mark4 check mark4 check mark4 + + @@ -826,14 +853,10 @@ The following list shows the supported values: - 1 - True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. - - - - - - +
+ **System/LimitEnhancedDiagnosticDataWindowsAnalytics** @@ -887,7 +910,9 @@ If you disable or do not configure this policy setting, then the level of diagno +
+ **System/TelemetryProxy** diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index c307f1e57f..cdee24bf7c 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - SystemServices @@ -41,7 +41,9 @@ ms.date: 01/03/2018 +
+ **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** @@ -81,17 +83,10 @@ ms.date: 01/03/2018 Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** @@ -131,17 +126,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** @@ -181,17 +169,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** @@ -231,17 +212,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** @@ -281,17 +255,10 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - - +
+ **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** @@ -331,15 +298,6 @@ Added in Windows 10, next major update. This setting determines whether the serv Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 0a8f13c708..71e1d6c905 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - TaskScheduler @@ -26,7 +26,9 @@ ms.date: 01/03/2018 +
+ **TaskScheduler/EnableXboxGameSaveTask** @@ -66,15 +68,6 @@ ms.date: 01/03/2018 Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index fbb6857b81..d345d4add2 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - TextInput @@ -65,7 +65,9 @@ ms.date: 12/19/2017 +
+ **TextInput/AllowIMELogging** @@ -119,7 +121,9 @@ The following list shows the supported values: +
+ **TextInput/AllowIMENetworkAccess** @@ -173,7 +177,9 @@ The following list shows the supported values: +
+ **TextInput/AllowInputPanel** @@ -227,7 +233,9 @@ The following list shows the supported values: +
+ **TextInput/AllowJapaneseIMESurrogatePairCharacters** @@ -279,7 +287,9 @@ Most restricted value is 0. +
+ **TextInput/AllowJapaneseIVSCharacters** @@ -333,7 +343,9 @@ The following list shows the supported values: +
+ **TextInput/AllowJapaneseNonPublishingStandardGlyph** @@ -387,7 +399,9 @@ The following list shows the supported values: +
+ **TextInput/AllowJapaneseUserDictionary** @@ -441,7 +455,9 @@ The following list shows the supported values: +
+ **TextInput/AllowKeyboardTextSuggestions** @@ -500,7 +516,9 @@ The following list shows the supported values: +
+ **TextInput/AllowKoreanExtendedHanja** @@ -509,7 +527,9 @@ This policy has been deprecated. +
+ **TextInput/AllowLanguageFeaturesUninstall** @@ -563,7 +583,9 @@ The following list shows the supported values: +
+ **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** @@ -615,16 +637,11 @@ The following list shows the supported values: - 0 (default) - Disabled. - 1 - Enabled. - - - - - - - +
+ **TextInput/ExcludeJapaneseIMEExceptJIS0208** @@ -674,7 +691,9 @@ The following list shows the supported values: +
+ **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** @@ -724,7 +743,9 @@ The following list shows the supported values: +
+ **TextInput/ExcludeJapaneseIMEExceptShiftJIS** diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index f97d7275a3..fedf2c5380 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - TimeLanguageSettings @@ -24,7 +24,9 @@ ms.date: 12/14/2017 +
+ **TimeLanguageSettings/AllowSet24HourClock** diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 771fc0cab4..66e08b3185 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/19/2017 +ms.date: 01/29/2018 --- # Policy CSP - Update @@ -167,7 +167,9 @@ ms.date: 12/19/2017 +
+ **Update/ActiveHoursEnd** @@ -215,7 +217,9 @@ The default is 17 (5 PM). +
+ **Update/ActiveHoursMaxRange** @@ -260,7 +264,9 @@ The default value is 18 (hours). +
+ **Update/ActiveHoursStart** @@ -308,7 +314,9 @@ The default value is 8 (8 AM). +
+ **Update/AllowAutoUpdate** @@ -366,7 +374,9 @@ If the policy is not configured, end-users get the default behavior (Auto instal +
+ **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** @@ -418,7 +428,9 @@ The following list shows the supported values: +
+ **Update/AllowMUUpdateService** @@ -464,7 +476,9 @@ The following list shows the supported values: +
+ **Update/AllowNonMicrosoftSignedUpdate** @@ -516,7 +530,9 @@ The following list shows the supported values: +
+ **Update/AllowUpdateService** @@ -571,7 +587,9 @@ The following list shows the supported values: +
+ **Update/AutoRestartDeadlinePeriodInDays** @@ -616,7 +634,9 @@ The default value is 7 days. +
+ **Update/AutoRestartNotificationSchedule** @@ -663,7 +683,9 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). +
+ **Update/AutoRestartRequiredNotificationDismissal** @@ -709,7 +731,9 @@ The following list shows the supported values: +
+ **Update/BranchReadinessLevel** @@ -760,7 +784,9 @@ The following list shows the supported values: +
+ **Update/ConfigureFeatureUpdateUninstallPeriod** @@ -787,16 +813,14 @@ The following list shows the supported values: - Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. - - - +
+ **Update/DeferFeatureUpdatesPeriodInDays** @@ -844,7 +868,9 @@ Supported values are 0-365 days. +
+ **Update/DeferQualityUpdatesPeriodInDays** @@ -887,7 +913,9 @@ Supported values are 0-30. +
+ **Update/DeferUpdatePeriod** @@ -1021,7 +1049,9 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego +
+ **Update/DeferUpgradePeriod** @@ -1074,7 +1104,9 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th +
+ **Update/DetectionFrequency** @@ -1115,7 +1147,9 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2 +
+ **Update/DisableDualScan** @@ -1165,11 +1199,13 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: - 0 - allow scan against Windows Update -- 1 - do not allow update deferral policies to cause scans against Windows Update +- 1 - do not allow update deferral policies to cause scans against Windows Update +
+ **Update/EngagedRestartDeadline** @@ -1214,7 +1250,9 @@ The default value is 0 days (not specified). +
+ **Update/EngagedRestartSnoozeSchedule** @@ -1259,7 +1297,9 @@ The default value is 3 days. +
+ **Update/EngagedRestartTransitionSchedule** @@ -1304,7 +1344,9 @@ The default value is 7 days. +
+ **Update/ExcludeWUDriversInQualityUpdate** @@ -1353,7 +1395,9 @@ The following list shows the supported values: +
+ **Update/FillEmptyContentUrls** @@ -1402,7 +1446,9 @@ The following list shows the supported values: +
+ **Update/IgnoreMOAppDownloadLimit** @@ -1465,7 +1511,9 @@ To validate this policy: +
+ **Update/IgnoreMOUpdateDownloadLimit** @@ -1525,7 +1573,9 @@ The following list shows the supported values: +
+ **Update/ManagePreviewBuilds** @@ -1572,7 +1622,9 @@ The following list shows the supported values: +
+ **Update/PauseDeferrals** @@ -1626,7 +1678,9 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th +
+ **Update/PauseFeatureUpdates** @@ -1675,7 +1729,9 @@ The following list shows the supported values: +
+ **Update/PauseFeatureUpdatesStartTime** @@ -1718,7 +1774,9 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. +
+ **Update/PauseQualityUpdates** @@ -1764,7 +1822,9 @@ The following list shows the supported values: +
+ **Update/PauseQualityUpdatesStartTime** @@ -1807,24 +1867,20 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. +
+ **Update/PhoneUpdateRestrictions** This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. + - - - - - - - - - +
+ **Update/RequireDeferUpgrade** @@ -1874,7 +1930,9 @@ The following list shows the supported values: +
+ **Update/RequireUpdateApproval** @@ -1926,7 +1984,9 @@ The following list shows the supported values: +
+ **Update/ScheduleImminentRestartWarning** @@ -1973,7 +2033,9 @@ Supported values are 15, 30, or 60 (minutes). +
+ **Update/ScheduleRestartWarning** @@ -2024,7 +2086,9 @@ Supported values are 2, 4, 8, 12, or 24 (hours). +
+ **Update/ScheduledInstallDay** @@ -2080,7 +2144,9 @@ The following list shows the supported values: +
+ **Update/ScheduledInstallEveryWeek** @@ -2125,7 +2191,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallFirstWeek** @@ -2170,7 +2238,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallFourthWeek** @@ -2215,7 +2285,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallSecondWeek** @@ -2260,7 +2332,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallThirdWeek** @@ -2305,7 +2379,9 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i +
+ **Update/ScheduledInstallTime** @@ -2358,7 +2434,9 @@ The default value is 3. +
+ **Update/SetAutoRestartNotificationDisable** @@ -2404,7 +2482,9 @@ The following list shows the supported values: +
+ **Update/SetEDURestart** @@ -2450,7 +2530,9 @@ The following list shows the supported values: +
+ **Update/UpdateServiceUrl** @@ -2519,7 +2601,9 @@ Example +
+ **Update/UpdateServiceUrlAlternate** diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 5a1943db52..7ebe88f286 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 01/03/2018 +ms.date: 01/29/2018 --- # Policy CSP - UserRights @@ -110,7 +110,9 @@ ms.date: 01/03/2018 +
+ **UserRights/AccessCredentialManagerAsTrustedCaller** @@ -150,17 +152,10 @@ ms.date: 01/03/2018 This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. - - - - - - - - - +
+ **UserRights/AccessFromNetwork** @@ -200,17 +195,10 @@ This user right is used by Credential Manager during Backup/Restore. No accounts This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. - - - - - - - - - +
+ **UserRights/ActAsPartOfTheOperatingSystem** @@ -250,17 +238,10 @@ This user right determines which users and groups are allowed to connect to the This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - - - - - - - - - +
+ **UserRights/AllowLocalLogOn** @@ -297,20 +278,13 @@ This user right allows a process to impersonate any user without authentication. -This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. +This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. - - - - - - - - - +
+ **UserRights/BackupFilesAndDirectories** @@ -350,17 +324,10 @@ This user right determines which users can log on to the computer. Note: Modifyi This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users - - - - - - - - - +
+ **UserRights/ChangeSystemTime** @@ -400,17 +367,10 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. - - - - - - - - - +
+ **UserRights/CreateGlobalObjects** @@ -450,17 +410,10 @@ This user right determines which users and groups can change the time and date o This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users. - - - - - - - - - +
+ **UserRights/CreatePageFile** @@ -500,17 +453,10 @@ This security setting determines whether users can create global objects that ar This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users - - - - - - - - - +
+ **UserRights/CreatePermanentSharedObjects** @@ -550,17 +496,10 @@ This user right determines which users and groups can call an internal applicati This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. - - - - - - - - - +
+ **UserRights/CreateSymbolicLinks** @@ -600,17 +539,10 @@ This user right determines which accounts can be used by processes to create a d This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. - - - - - - - - - +
+ **UserRights/CreateToken** @@ -650,17 +582,10 @@ This user right determines if the user can create a symbolic link from the compu This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - - - - - - - - - +
+ **UserRights/DebugPrograms** @@ -700,17 +625,10 @@ This user right determines which accounts can be used by processes to create a t This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - - - - - - - - - +
+ **UserRights/DenyAccessFromNetwork** @@ -750,17 +668,10 @@ This user right determines which users can attach a debugger to any process or t This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. - - - - - - - - - +
+ **UserRights/DenyLocalLogOn** @@ -800,17 +711,10 @@ This user right determines which users are prevented from accessing a computer o This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts. - - - - - - - - - +
+ **UserRights/DenyRemoteDesktopServicesLogOn** @@ -850,17 +754,10 @@ This security setting determines which service accounts are prevented from regis This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. - - - - - - - - - +
+ **UserRights/EnableDelegation** @@ -900,17 +797,10 @@ This user right determines which users and groups are prohibited from logging on This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. - - - - - - - - - +
+ **UserRights/GenerateSecurityAudits** @@ -950,17 +840,10 @@ This user right determines which users can set the Trusted for Delegation settin This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled. - - - - - - - - - +
+ **UserRights/ImpersonateClient** @@ -1004,17 +887,10 @@ Assigning this user right to a user allows programs running on behalf of that us Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run. - - - - - - - - - +
+ **UserRights/IncreaseSchedulingPriority** @@ -1054,17 +930,10 @@ Because of these factors, users do not usually need this user right. Warning: If This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. - - - - - - - - - +
+ **UserRights/LoadUnloadDeviceDrivers** @@ -1104,17 +973,10 @@ This user right determines which accounts can use a process with Write Property This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - - - - - - - - - +
+ **UserRights/LockMemory** @@ -1154,17 +1016,10 @@ This user right determines which users can dynamically load and unload device dr This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). - - - - - - - - - +
+ **UserRights/ManageAuditingAndSecurityLog** @@ -1204,17 +1059,10 @@ This user right determines which accounts can use a process to keep data in phys This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. - - - - - - - - - +
+ **UserRights/ManageVolume** @@ -1254,17 +1102,10 @@ This user right determines which users can specify object access auditing option This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. - - - - - - - - - +
+ **UserRights/ModifyFirmwareEnvironment** @@ -1304,17 +1145,10 @@ This user right determines which users and groups can run maintenance tasks on a This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. - - - - - - - - - +
+ **UserRights/ModifyObjectLabel** @@ -1354,17 +1188,10 @@ This user right determines who can modify firmware environment values. Firmware This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. - - - - - - - - - +
+ **UserRights/ProfileSingleProcess** @@ -1404,17 +1231,10 @@ This user right determines which user accounts can modify the integrity label of This user right determines which users can use performance monitoring tools to monitor the performance of system processes. - - - - - - - - - +
+ **UserRights/RemoteShutdown** @@ -1454,17 +1274,10 @@ This user right determines which users can use performance monitoring tools to m This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. - - - - - - - - - +
+ **UserRights/RestoreFilesAndDirectories** @@ -1504,17 +1317,10 @@ This user right determines which users are allowed to shut down a computer from This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users. - - - - - - - - - +
+ **UserRights/TakeOwnership** @@ -1554,15 +1360,6 @@ This user right determines which users can bypass file, directory, registry, and This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users. - - - - - - - - -
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 043528cf1c..7416d833f4 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - Wifi @@ -42,7 +42,9 @@ ms.date: 12/14/2017 +
+ **WiFi/AllowWiFiHotSpotReporting** @@ -51,7 +53,9 @@ This policy has been deprecated. +
+ **Wifi/AllowAutoConnectToWiFiSenseHotspots** @@ -101,7 +105,9 @@ The following list shows the supported values: +
+ **Wifi/AllowInternetSharing** @@ -151,7 +157,9 @@ The following list shows the supported values: +
+ **Wifi/AllowManualWiFiConfiguration** @@ -204,7 +212,9 @@ The following list shows the supported values: +
+ **Wifi/AllowWiFi** @@ -254,7 +264,9 @@ The following list shows the supported values: +
+ **Wifi/AllowWiFiDirect** @@ -302,7 +314,9 @@ The following list shows the supported values: +
+ **Wifi/WLANScanMode** diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index ff846b2bbe..4c421859f2 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/29/2017 +ms.date: 01/29/2018 --- # Policy CSP - WindowsDefenderSecurityCenter @@ -80,7 +80,9 @@ ms.date: 12/29/2017 +
+ **WindowsDefenderSecurityCenter/CompanyName** @@ -123,7 +125,9 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. +
+ **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** @@ -168,17 +172,10 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/DisableAppBrowserUI** @@ -220,7 +217,6 @@ Added in Windows 10, version 1709. Use this policy setting if you want to disabl Value type is integer. Supported operations are Add, Get, Replace and Delete. - The following list shows the supported values: @@ -229,7 +225,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** @@ -274,17 +272,10 @@ Valid values: - 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center. - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** @@ -337,7 +328,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableFamilyUI** @@ -387,7 +380,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableHealthUI** @@ -437,7 +432,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableNetworkUI** @@ -487,7 +484,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableNotifications** @@ -537,7 +536,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisableVirusUI** @@ -587,7 +588,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** @@ -637,7 +640,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/Email** @@ -680,7 +685,9 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. +
+ **WindowsDefenderSecurityCenter/EnableCustomizedToasts** @@ -730,7 +737,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/EnableInAppCustomization** @@ -780,7 +789,9 @@ The following list shows the supported values: +
+ **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** @@ -822,19 +833,13 @@ Added in Windows 10, next major update. Use this policy setting to hide the Rans Valid values: - 0 - (Disable or not configured) The Ransomware data recovery area will be visible. -- 1 - (Enable) The Ransomware data recovery area is hidden. +- 1 - (Enable) The Ransomware data recovery area is hidden. + - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/HideSecureBoot** @@ -877,18 +882,12 @@ Valid values: - 0 - (Disable or not configured) The Secure boot area is displayed. - 1 - (Enable) The Secure boot area is hidden. + - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** @@ -931,18 +930,12 @@ Valid values: - 0 - (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed. - 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. + - - - - - - - - - +
+ **WindowsDefenderSecurityCenter/Phone** @@ -985,7 +978,9 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. +
+ **WindowsDefenderSecurityCenter/URL** diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 53db2d066d..1ddb435ce8 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - WindowsInkWorkspace @@ -27,7 +27,9 @@ ms.date: 12/14/2017 +
+ **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** @@ -75,7 +77,9 @@ The following list shows the supported values: +
+ **WindowsInkWorkspace/AllowWindowsInkWorkspace** diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 9ee11366cd..62e9c0003c 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - WindowsLogon @@ -30,7 +30,9 @@ ms.date: 12/14/2017 +
+ **WindowsLogon/DisableLockScreenAppNotifications** @@ -90,7 +92,9 @@ ADMX Info: +
+ **WindowsLogon/DontDisplayNetworkSelectionUI** @@ -150,7 +154,9 @@ ADMX Info: +
+ **WindowsLogon/HideFastUserSwitching** diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index e2de8af8b2..4e120a73e2 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 12/14/2017 +ms.date: 01/29/2018 --- # Policy CSP - WirelessDisplay @@ -45,7 +45,9 @@ ms.date: 12/14/2017 +
+ **WirelessDisplay/AllowMdnsAdvertisement** @@ -82,7 +84,7 @@ ms.date: 12/14/2017 -Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. +Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. @@ -93,7 +95,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowMdnsDiscovery** @@ -130,7 +134,7 @@ The following list shows the supported values: -Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. +Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. @@ -141,7 +145,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionFromPC** @@ -178,7 +184,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. +Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. @@ -189,7 +195,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** @@ -226,7 +234,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. +Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. @@ -237,7 +245,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionToPC** @@ -289,7 +299,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowProjectionToPCOverInfrastructure** @@ -326,7 +338,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. +Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. @@ -337,7 +349,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** @@ -362,7 +376,9 @@ The following list shows the supported values: +
+ **WirelessDisplay/RequirePinForPairing** From 7d40bbea1b967eec41dc0c38809dc0141375b79c Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 29 Jan 2018 20:53:31 +0000 Subject: [PATCH 4/8] fixing redirects --- .openpublishing.redirection.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f8fae17740..395247be86 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -8452,12 +8452,12 @@ }, { "source_path": "bcs/support/microsoft-365-business-faqs.md", -"redirect_url": "/microsoft-365/business/microsoft-365-business-faqs", +"redirect_url": "/microsoft-365/business/support/microsoft-365-business-faqs", "redirect_document_id": true }, { "source_path": "bcs/support/transition-csp-subscription.md", -"redirect_url": "/microsoft-365/business/transition-csp-subscription", +"redirect_url": "/microsoft-365/business/support/transition-csp-subscription", "redirect_document_id": true } ] From 6adbec8de7de5bf2b1dc2a97d011886d092e3d44 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Mon, 29 Jan 2018 20:58:05 +0000 Subject: [PATCH 5/8] Merged PR 5556: updating token tag names to minimize automation output, and standardize naming schema --- .../mdm/policy-csp-abovelock.md | 36 +- ...csp-accountpoliciesaccountlockoutpolicy.md | 36 +- .../mdm/policy-csp-accounts.md | 48 +- .../mdm/policy-csp-activexcontrols.md | 16 +- .../mdm/policy-csp-applicationdefaults.md | 12 +- .../mdm/policy-csp-applicationmanagement.md | 132 +- .../mdm/policy-csp-appvirtualization.md | 448 +- .../mdm/policy-csp-attachmentmanager.md | 48 +- .../mdm/policy-csp-authentication.md | 60 +- .../mdm/policy-csp-autoplay.md | 48 +- .../mdm/policy-csp-bitlocker.md | 12 +- .../mdm/policy-csp-bluetooth.md | 60 +- .../mdm/policy-csp-browser.md | 456 +- .../mdm/policy-csp-camera.md | 12 +- .../mdm/policy-csp-cellular.md | 64 +- .../mdm/policy-csp-connectivity.md | 188 +- .../mdm/policy-csp-controlpolicyconflict.md | 12 +- .../mdm/policy-csp-credentialproviders.md | 44 +- .../mdm/policy-csp-credentialsui.md | 32 +- .../mdm/policy-csp-cryptography.md | 24 +- .../mdm/policy-csp-dataprotection.md | 24 +- .../mdm/policy-csp-datausage.md | 32 +- .../mdm/policy-csp-defender.md | 420 +- .../mdm/policy-csp-deliveryoptimization.md | 280 +- .../mdm/policy-csp-desktop.md | 16 +- .../mdm/policy-csp-deviceguard.md | 36 +- .../mdm/policy-csp-deviceinstallation.md | 32 +- .../mdm/policy-csp-devicelock.md | 208 +- .../mdm/policy-csp-display.md | 24 +- .../mdm/policy-csp-education.md | 36 +- .../mdm/policy-csp-enterprisecloudprint.md | 72 +- .../mdm/policy-csp-errorreporting.md | 80 +- .../mdm/policy-csp-eventlogservice.md | 64 +- .../mdm/policy-csp-experience.md | 236 +- .../mdm/policy-csp-exploitguard.md | 12 +- .../client-management/mdm/policy-csp-games.md | 12 +- .../mdm/policy-csp-handwriting.md | 12 +- .../mdm/policy-csp-internetexplorer.md | 3880 ++++++++--------- .../mdm/policy-csp-kerberos.md | 80 +- .../mdm/policy-csp-kioskbrowser.md | 72 +- .../mdm/policy-csp-licensing.md | 24 +- ...policy-csp-localpoliciessecurityoptions.md | 656 +-- .../mdm/policy-csp-location.md | 12 +- .../mdm/policy-csp-lockdown.md | 12 +- .../client-management/mdm/policy-csp-maps.md | 24 +- .../mdm/policy-csp-messaging.md | 36 +- .../mdm/policy-csp-networkisolation.md | 96 +- .../mdm/policy-csp-notifications.md | 12 +- .../client-management/mdm/policy-csp-power.md | 144 +- .../mdm/policy-csp-printers.md | 48 +- .../mdm/policy-csp-privacy.md | 924 ++-- .../mdm/policy-csp-remoteassistance.md | 64 +- .../mdm/policy-csp-remotedesktopservices.md | 96 +- .../mdm/policy-csp-remotemanagement.md | 240 +- .../mdm/policy-csp-remoteprocedurecall.md | 32 +- .../mdm/policy-csp-remoteshell.md | 112 +- .../mdm/policy-csp-search.md | 164 +- .../mdm/policy-csp-security.md | 128 +- .../mdm/policy-csp-settings.md | 168 +- .../mdm/policy-csp-smartscreen.md | 36 +- .../mdm/policy-csp-speech.md | 12 +- .../client-management/mdm/policy-csp-start.md | 348 +- .../mdm/policy-csp-storage.md | 28 +- .../mdm/policy-csp-system.md | 188 +- .../mdm/policy-csp-systemservices.md | 72 +- .../mdm/policy-csp-taskscheduler.md | 12 +- .../mdm/policy-csp-textinput.md | 160 +- .../mdm/policy-csp-timelanguagesettings.md | 12 +- .../mdm/policy-csp-update.md | 564 +-- .../mdm/policy-csp-userrights.md | 348 +- .../client-management/mdm/policy-csp-wifi.md | 76 +- ...olicy-csp-windowsdefendersecuritycenter.md | 228 +- .../mdm/policy-csp-windowsinkworkspace.md | 24 +- .../mdm/policy-csp-windowslogon.md | 44 +- .../mdm/policy-csp-wirelessdisplay.md | 92 +- 75 files changed, 6326 insertions(+), 6326 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 544860e28f..8a9ab9e4cd 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **AboveLock/AllowActionCenterNotifications** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -76,7 +76,7 @@ Specifies whether to allow Action Center notifications above the device lock scr Most restricted value is 0. - + The following list shows the supported values: @@ -91,7 +91,7 @@ The following list shows the supported values: **AboveLock/AllowCortanaAboveLock** - + @@ -113,8 +113,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -122,11 +122,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech. - + The following list shows the supported values: @@ -141,7 +141,7 @@ The following list shows the supported values: **AboveLock/AllowToasts** - + @@ -163,8 +163,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -172,13 +172,13 @@ The following list shows the supported values:
- - + + Specifies whether to allow toast notifications above the device lock screen. Most restricted value is 0. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md index 341cac943e..fef93c8458 100644 --- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md +++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md @@ -38,7 +38,7 @@ ms.date: 01/29/2018 **AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration** - + @@ -60,8 +60,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -69,15 +69,15 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, next major release. This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it. If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
@@ -85,7 +85,7 @@ Default: None, because this policy setting only has meaning when an Account lock **AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold** - + @@ -107,8 +107,8 @@ Default: None, because this policy setting only has meaning when an Account lock
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -116,15 +116,15 @@ Default: None, because this policy setting only has meaning when an Account lock
- - + + Added in Windows 10, next major release. This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out. Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts. Default: 0. - +
@@ -132,7 +132,7 @@ Default: 0. **AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter** - + @@ -154,8 +154,8 @@ Default: 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -163,15 +163,15 @@ Default: 0.
- - + + Added in Windows 10, next major release. This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. Default: None, because this policy setting only has meaning when an Account lockout threshold is specified. - +
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 3eaaad3542..8bfbafa470 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -39,7 +39,7 @@ ms.date: 01/29/2018 **Accounts/AllowAddingNonMicrosoftAccountsManually** - + @@ -61,8 +61,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -70,8 +70,8 @@ ms.date: 01/29/2018
- - + + Specifies whether user is allowed to add non-MSA email accounts. Most restricted value is 0. @@ -79,7 +79,7 @@ Most restricted value is 0. > [!NOTE] > This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md). - + The following list shows the supported values: @@ -94,7 +94,7 @@ The following list shows the supported values: **Accounts/AllowMicrosoftAccountConnection** - + @@ -116,8 +116,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -125,13 +125,13 @@ The following list shows the supported values:
- - + + Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. Most restricted value is 0. - + The following list shows the supported values: @@ -146,7 +146,7 @@ The following list shows the supported values: **Accounts/AllowMicrosoftAccountSignInAssistant** - + @@ -168,8 +168,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -177,11 +177,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. - + The following list shows the supported values: @@ -196,7 +196,7 @@ The following list shows the supported values: **Accounts/DomainNamesForEmailSync** - + @@ -218,8 +218,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -227,15 +227,15 @@ The following list shows the supported values:
- - + + Specifies a list of the domains that are allowed to sync email on the device. The data type is a string. The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov". - +
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index 43af11e725..c8facbef8f 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **ActiveXControls/ApprovedInstallationSites** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
- - + + This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL. If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. @@ -71,7 +71,7 @@ If you disable or do not configure this policy setting, ActiveX controls prompt Note: Wild card characters cannot be used when specifying the host URLs. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -79,14 +79,14 @@ Note: Wild card characters cannot be used when specifying the host URLs. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Approved Installation Sites for ActiveX Controls* - GP name: *ApprovedActiveXInstallSites* - GP path: *Windows Components/ActiveX Installer Service* - GP ADMX file name: *ActiveXInstallService.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 549937c7e9..a2454f2ffd 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **ApplicationDefaults/DefaultAssociationsConfiguration** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. @@ -119,7 +119,7 @@ Here is the SyncMl example: ``` - +
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 2cd0eb5954..024a22b95c 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -60,7 +60,7 @@ ms.date: 01/29/2018 **ApplicationManagement/AllowAllTrustedApps** - + @@ -82,8 +82,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -91,13 +91,13 @@ ms.date: 01/29/2018
- - + + Specifies whether non Microsoft Store apps are allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -113,7 +113,7 @@ The following list shows the supported values: **ApplicationManagement/AllowAppStoreAutoUpdate** - + @@ -135,8 +135,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -144,8 +144,8 @@ The following list shows the supported values:
- - + + Specifies whether automatic update of apps from Microsoft Store are allowed. The following list shows the supported values: @@ -155,7 +155,7 @@ The following list shows the supported values: Most restricted value is 0. - +
@@ -163,7 +163,7 @@ Most restricted value is 0. **ApplicationManagement/AllowDeveloperUnlock** - + @@ -185,8 +185,8 @@ Most restricted value is 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -194,13 +194,13 @@ Most restricted value is 0.
- - + + Specifies whether developer unlock is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -216,7 +216,7 @@ The following list shows the supported values: **ApplicationManagement/AllowGameDVR** - + @@ -238,8 +238,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -247,8 +247,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -256,7 +256,7 @@ Specifies whether DVR and broadcasting is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -271,7 +271,7 @@ The following list shows the supported values: **ApplicationManagement/AllowSharedUserAppData** - + @@ -293,8 +293,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -302,13 +302,13 @@ The following list shows the supported values:
- - + + Specifies whether multiple users of the same app can share data. Most restricted value is 0. - + The following list shows the supported values: @@ -323,7 +323,7 @@ The following list shows the supported values: **ApplicationManagement/AllowStore** - + @@ -345,8 +345,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -354,13 +354,13 @@ The following list shows the supported values:
- - + + Specifies whether app store is allowed at the device. Most restricted value is 0. - + The following list shows the supported values: @@ -375,7 +375,7 @@ The following list shows the supported values: **ApplicationManagement/ApplicationRestrictions** - + @@ -397,8 +397,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -406,8 +406,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -432,7 +432,7 @@ Value type is chr. Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies. - +
@@ -440,7 +440,7 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no **ApplicationManagement/DisableStoreOriginatedApps** - + @@ -462,8 +462,8 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -471,11 +471,11 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no
- - + + Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. - + The following list shows the supported values: @@ -490,7 +490,7 @@ The following list shows the supported values: **ApplicationManagement/RequirePrivateStoreOnly** - + @@ -512,8 +512,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -521,8 +521,8 @@ The following list shows the supported values:
- - + + Allows disabling of the retail catalog and only enables the Private store. The following list shows the supported values: @@ -532,7 +532,7 @@ The following list shows the supported values: Most restricted value is 1. - +
@@ -540,7 +540,7 @@ Most restricted value is 1. **ApplicationManagement/RestrictAppDataToSystemVolume** - + @@ -562,8 +562,8 @@ Most restricted value is 1.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -571,13 +571,13 @@ Most restricted value is 1.
- - + + Specifies whether application data is restricted to the system drive. Most restricted value is 1. - + The following list shows the supported values: @@ -592,7 +592,7 @@ The following list shows the supported values: **ApplicationManagement/RestrictAppToSystemVolume** - + @@ -614,8 +614,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -623,13 +623,13 @@ The following list shows the supported values:
- - + + Specifies whether the installation of applications is restricted to the system drive. Most restricted value is 1. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 53bb0578e4..b30da5cc6a 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -111,7 +111,7 @@ ms.date: 01/29/2018 **AppVirtualization/AllowAppVClient** - + @@ -133,8 +133,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -142,11 +142,11 @@ ms.date: 01/29/2018
- - + + This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -154,14 +154,14 @@ This policy setting allows you to enable or disable Microsoft Application Virtua > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable App-V Client* - GP name: *EnableAppV* - GP path: *System/App-V* - GP ADMX file name: *appv.admx* - +
@@ -169,7 +169,7 @@ ADMX Info: **AppVirtualization/AllowDynamicVirtualization** - + @@ -191,8 +191,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -200,11 +200,11 @@ ADMX Info:
- - + + Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -212,14 +212,14 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Dynamic Virtualization* - GP name: *Virtualization_JITVEnable* - GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* - +
@@ -227,7 +227,7 @@ ADMX Info: **AppVirtualization/AllowPackageCleanup** - + @@ -249,8 +249,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -258,11 +258,11 @@ ADMX Info:
- - + + Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -270,14 +270,14 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable automatic cleanup of unused appv packages* - GP name: *PackageManagement_AutoCleanupEnable* - GP path: *System/App-V/PackageManagement* - GP ADMX file name: *appv.admx* - +
@@ -285,7 +285,7 @@ ADMX Info: **AppVirtualization/AllowPackageScripts** - + @@ -307,8 +307,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -316,11 +316,11 @@ ADMX Info:
- - + + Enables scripts defined in the package manifest of configuration files that should run. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -328,14 +328,14 @@ Enables scripts defined in the package manifest of configuration files that shou > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Package Scripts* - GP name: *Scripting_Enable_Package_Scripts* - GP path: *System/App-V/Scripting* - GP ADMX file name: *appv.admx* - +
@@ -343,7 +343,7 @@ ADMX Info: **AppVirtualization/AllowPublishingRefreshUX** - + @@ -365,8 +365,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -374,11 +374,11 @@ ADMX Info:
- - + + Enables a UX to display to the user when a publishing refresh is performed on the client. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -386,14 +386,14 @@ Enables a UX to display to the user when a publishing refresh is performed on th > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Publishing Refresh UX* - GP name: *Enable_Publishing_Refresh_UX* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -401,7 +401,7 @@ ADMX Info: **AppVirtualization/AllowReportingServer** - + @@ -423,8 +423,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -432,8 +432,8 @@ ADMX Info:
- - + + Reporting Server URL: Displays the URL of reporting server. Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM. @@ -446,7 +446,7 @@ Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -454,14 +454,14 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Reporting Server* - GP name: *Reporting_Server_Policy* - GP path: *System/App-V/Reporting* - GP ADMX file name: *appv.admx* - +
@@ -469,7 +469,7 @@ ADMX Info: **AppVirtualization/AllowRoamingFileExclusions** - + @@ -491,8 +491,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -500,11 +500,11 @@ ADMX Info:
- - + + Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -512,14 +512,14 @@ Specifies the file paths relative to %userprofile% that do not roam with a user' > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Roaming File Exclusions* - GP name: *Integration_Roaming_File_Exclusions* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -527,7 +527,7 @@ ADMX Info: **AppVirtualization/AllowRoamingRegistryExclusions** - + @@ -549,8 +549,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -558,11 +558,11 @@ ADMX Info:
- - + + Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -570,14 +570,14 @@ Specifies the registry paths that do not roam with a user profile. Example usage > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Roaming Registry Exclusions* - GP name: *Integration_Roaming_Registry_Exclusions* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -585,7 +585,7 @@ ADMX Info: **AppVirtualization/AllowStreamingAutoload** - + @@ -607,8 +607,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -616,11 +616,11 @@ ADMX Info:
- - + + Specifies how new packages should be loaded automatically by App-V on a specific computer. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -628,14 +628,14 @@ Specifies how new packages should be loaded automatically by App-V on a specific > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify what to load in background (aka AutoLoad)* - GP name: *Steaming_Autoload* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -643,7 +643,7 @@ ADMX Info: **AppVirtualization/ClientCoexistenceAllowMigrationmode** - + @@ -665,8 +665,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -674,11 +674,11 @@ ADMX Info:
- - + + Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -686,14 +686,14 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Migration Mode* - GP name: *Client_Coexistence_Enable_Migration_mode* - GP path: *System/App-V/Client Coexistence* - GP ADMX file name: *appv.admx* - +
@@ -701,7 +701,7 @@ ADMX Info: **AppVirtualization/IntegrationAllowRootGlobal** - + @@ -723,8 +723,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -732,11 +732,11 @@ ADMX Info:
- - + + Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -744,14 +744,14 @@ Specifies the location where symbolic links are created to the current version o > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Integration Root User* - GP name: *Integration_Root_User* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -759,7 +759,7 @@ ADMX Info: **AppVirtualization/IntegrationAllowRootUser** - + @@ -781,8 +781,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -790,11 +790,11 @@ ADMX Info:
- - + + Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -802,14 +802,14 @@ Specifies the location where symbolic links are created to the current version o > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Integration Root Global* - GP name: *Integration_Root_Global* - GP path: *System/App-V/Integration* - GP ADMX file name: *appv.admx* - +
@@ -817,7 +817,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer1** - + @@ -839,8 +839,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -848,8 +848,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -870,7 +870,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -878,14 +878,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 1 Settings* - GP name: *Publishing_Server1_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -893,7 +893,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer2** - + @@ -915,8 +915,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -924,8 +924,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -946,7 +946,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -954,14 +954,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 2 Settings* - GP name: *Publishing_Server2_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -969,7 +969,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer3** - + @@ -991,8 +991,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1000,8 +1000,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -1022,7 +1022,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1030,14 +1030,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 3 Settings* - GP name: *Publishing_Server3_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -1045,7 +1045,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer4** - + @@ -1067,8 +1067,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1076,8 +1076,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -1098,7 +1098,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1106,14 +1106,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 4 Settings* - GP name: *Publishing_Server4_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -1121,7 +1121,7 @@ ADMX Info: **AppVirtualization/PublishingAllowServer5** - + @@ -1143,8 +1143,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1152,8 +1152,8 @@ ADMX Info:
- - + + Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing server. @@ -1174,7 +1174,7 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1182,14 +1182,14 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Publishing Server 5 Settings* - GP name: *Publishing_Server5_Policy* - GP path: *System/App-V/Publishing* - GP ADMX file name: *appv.admx* - +
@@ -1197,7 +1197,7 @@ ADMX Info: **AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** - + @@ -1219,8 +1219,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1228,11 +1228,11 @@ ADMX Info:
- - + + Specifies the path to a valid certificate in the certificate store. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1240,14 +1240,14 @@ Specifies the path to a valid certificate in the certificate store. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Certificate Filter For Client SSL* - GP name: *Streaming_Certificate_Filter_For_Client_SSL* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1255,7 +1255,7 @@ ADMX Info: **AppVirtualization/StreamingAllowHighCostLaunch** - + @@ -1277,8 +1277,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1286,11 +1286,11 @@ ADMX Info:
- - + + This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1298,14 +1298,14 @@ This setting controls whether virtualized applications are launched on Windows 8 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* - GP name: *Streaming_Allow_High_Cost_Launch* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1313,7 +1313,7 @@ ADMX Info: **AppVirtualization/StreamingAllowLocationProvider** - + @@ -1335,8 +1335,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1344,11 +1344,11 @@ ADMX Info:
- - + + Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1356,14 +1356,14 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Location Provider* - GP name: *Streaming_Location_Provider* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1371,7 +1371,7 @@ ADMX Info: **AppVirtualization/StreamingAllowPackageInstallationRoot** - + @@ -1393,8 +1393,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1402,11 +1402,11 @@ ADMX Info:
- - + + Specifies directory where all new applications and updates will be installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1414,14 +1414,14 @@ Specifies directory where all new applications and updates will be installed. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Package Installation Root* - GP name: *Streaming_Package_Installation_Root* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1429,7 +1429,7 @@ ADMX Info: **AppVirtualization/StreamingAllowPackageSourceRoot** - + @@ -1451,8 +1451,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1460,11 +1460,11 @@ ADMX Info:
- - + + Overrides source location for downloading package content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1472,14 +1472,14 @@ Overrides source location for downloading package content. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Package Source Root* - GP name: *Streaming_Package_Source_Root* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1487,7 +1487,7 @@ ADMX Info: **AppVirtualization/StreamingAllowReestablishmentInterval** - + @@ -1509,8 +1509,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1518,11 +1518,11 @@ ADMX Info:
- - + + Specifies the number of seconds between attempts to reestablish a dropped session. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1530,14 +1530,14 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Reestablishment Interval* - GP name: *Streaming_Reestablishment_Interval* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1545,7 +1545,7 @@ ADMX Info: **AppVirtualization/StreamingAllowReestablishmentRetries** - + @@ -1567,8 +1567,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1576,11 +1576,11 @@ ADMX Info:
- - + + Specifies the number of times to retry a dropped session. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1588,14 +1588,14 @@ Specifies the number of times to retry a dropped session. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Reestablishment Retries* - GP name: *Streaming_Reestablishment_Retries* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1603,7 +1603,7 @@ ADMX Info: **AppVirtualization/StreamingSharedContentStoreMode** - + @@ -1625,8 +1625,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1634,11 +1634,11 @@ ADMX Info:
- - + + Specifies that streamed package contents will be not be saved to the local hard disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1646,14 +1646,14 @@ Specifies that streamed package contents will be not be saved to the local hard > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Shared Content Store (SCS) mode* - GP name: *Streaming_Shared_Content_Store_Mode* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1661,7 +1661,7 @@ ADMX Info: **AppVirtualization/StreamingSupportBranchCache** - + @@ -1683,8 +1683,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1692,11 +1692,11 @@ ADMX Info:
- - + + If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1704,14 +1704,14 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable Support for BranchCache* - GP name: *Streaming_Support_Branch_Cache* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1719,7 +1719,7 @@ ADMX Info: **AppVirtualization/StreamingVerifyCertificateRevocationList** - + @@ -1741,8 +1741,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1750,11 +1750,11 @@ ADMX Info:
- - + + Verifies Server certificate revocation status before streaming using HTTPS. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1762,14 +1762,14 @@ Verifies Server certificate revocation status before streaming using HTTPS. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Verify certificate revocation list* - GP name: *Streaming_Verify_Certificate_Revocation_List* - GP path: *System/App-V/Streaming* - GP ADMX file name: *appv.admx* - +
@@ -1777,7 +1777,7 @@ ADMX Info: **AppVirtualization/VirtualComponentsAllowList** - + @@ -1799,8 +1799,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1808,11 +1808,11 @@ ADMX Info:
- - + + Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1820,14 +1820,14 @@ Specifies a list of process paths (may contain wildcards) which are candidates f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Virtual Component Process Allow List* - GP name: *Virtualization_JITVAllowList* - GP path: *System/App-V/Virtualization* - GP ADMX file name: *appv.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 21e12791ee..257d3f313a 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **AttachmentManager/DoNotPreserveZoneInformation** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
- - + + This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments. If you enable this policy setting, Windows does not mark file attachments with their zone information. @@ -77,7 +77,7 @@ If you disable this policy setting, Windows marks file attachments with their zo If you do not configure this policy setting, Windows marks file attachments with their zone information. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -85,14 +85,14 @@ If you do not configure this policy setting, Windows marks file attachments with > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not preserve zone information in file attachments* - GP name: *AM_MarkZoneOnSavedAtttachments* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* - +
@@ -100,7 +100,7 @@ ADMX Info: **AttachmentManager/HideZoneInfoMechanism** - + @@ -122,8 +122,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -131,8 +131,8 @@ ADMX Info:
- - + + This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening. If you enable this policy setting, Windows hides the check box and Unblock button. @@ -141,7 +141,7 @@ If you disable this policy setting, Windows shows the check box and Unblock butt If you do not configure this policy setting, Windows hides the check box and Unblock button. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -149,14 +149,14 @@ If you do not configure this policy setting, Windows hides the check box and Unb > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Hide mechanisms to remove zone information* - GP name: *AM_RemoveZoneInfo* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* - +
@@ -164,7 +164,7 @@ ADMX Info: **AttachmentManager/NotifyAntivirusPrograms** - + @@ -186,8 +186,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -195,8 +195,8 @@ ADMX Info:
- - + + This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. @@ -205,7 +205,7 @@ If you disable this policy setting, Windows does not call the registered antivir If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -213,14 +213,14 @@ If you do not configure this policy setting, Windows does not call the registere > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Notify antivirus programs when opening attachments* - GP name: *AM_CallIOfficeAntiVirus* - GP path: *Windows Components/Attachment Manager* - GP ADMX file name: *AttachmentManager.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 16cef802ca..d030e6f423 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Authentication/AllowAadPasswordReset** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,11 +73,11 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. - + The following list shows the supported values: @@ -92,7 +92,7 @@ The following list shows the supported values: **Authentication/AllowEAPCertSSO** - + @@ -114,8 +114,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,11 +123,11 @@ The following list shows the supported values:
- - + + Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources. - + The following list shows the supported values: @@ -142,7 +142,7 @@ The following list shows the supported values: **Authentication/AllowFastReconnect** - + @@ -164,8 +164,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -173,13 +173,13 @@ The following list shows the supported values:
- - + + Allows EAP Fast Reconnect from being attempted for EAP Method TLS. Most restricted value is 0. - + The following list shows the supported values: @@ -194,7 +194,7 @@ The following list shows the supported values: **Authentication/AllowFidoDeviceSignon** - + @@ -216,8 +216,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -225,15 +225,15 @@ The following list shows the supported values:
- - + + Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0 Value type is integer. Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password everytime they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs. - + The following list shows the supported values: @@ -248,7 +248,7 @@ The following list shows the supported values: **Authentication/AllowSecondaryAuthenticationDevice** - + @@ -270,8 +270,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -279,13 +279,13 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows. The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD). - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index ea392f0f79..0c38facc2f 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Autoplay/DisallowAutoplayForNonVolumeDevices** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -68,15 +68,15 @@ ms.date: 01/29/2018
- - + + This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -84,14 +84,14 @@ If you disable or do not configure this policy setting, AutoPlay is enabled for > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Autoplay for non-volume devices* - GP name: *NoAutoplayfornonVolume* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* - +
@@ -99,7 +99,7 @@ ADMX Info: **Autoplay/SetDefaultAutoRunBehavior** - + @@ -121,8 +121,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -131,8 +131,8 @@ ADMX Info:
- - + + This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. @@ -148,7 +148,7 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -156,14 +156,14 @@ If you disable or not configure this policy setting, Windows Vista or later will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set the default behavior for AutoRun* - GP name: *NoAutorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* - +
@@ -171,7 +171,7 @@ ADMX Info: **Autoplay/TurnOffAutoPlay** - + @@ -193,8 +193,8 @@ ADMX Info:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -203,8 +203,8 @@ ADMX Info:
- - + + This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. @@ -221,7 +221,7 @@ If you disable or do not configure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -229,14 +229,14 @@ Note: This policy setting appears in both the Computer Configuration and User Co > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Autoplay* - GP name: *Autorun* - GP path: *Windows Components/AutoPlay Policies* - GP ADMX file name: *AutoPlay.admx* - +
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index 5310af5a0a..ab5e371656 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Bitlocker/EncryptionMethod** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
- - + + Specifies the BitLocker Drive Encryption method and cipher strength. > [!NOTE] @@ -96,7 +96,7 @@ You can find the following policies in BitLocker CSP: - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index aebbabd6f8..4cc182b25a 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Bluetooth/AllowAdvertising** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,15 +73,15 @@ ms.date: 01/29/2018
- - + + Specifies whether the device can send out Bluetooth advertisements. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0. - + The following list shows the supported values: @@ -96,7 +96,7 @@ The following list shows the supported values: **Bluetooth/AllowDiscoverableMode** - + @@ -118,8 +118,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -127,15 +127,15 @@ The following list shows the supported values:
- - + + Specifies whether other Bluetooth-enabled devices can discover the device. If this is not set or it is deleted, the default value of 1 (Allow) is used. Most restricted value is 0. - + The following list shows the supported values: @@ -150,7 +150,7 @@ The following list shows the supported values: **Bluetooth/AllowPrepairing** - + @@ -172,8 +172,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -181,11 +181,11 @@ The following list shows the supported values:
- - + + Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device. - + The following list shows the supported values: @@ -200,7 +200,7 @@ The following list shows the supported values: **Bluetooth/LocalDeviceName** - + @@ -222,8 +222,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -231,15 +231,15 @@ The following list shows the supported values:
- - + + Sets the local Bluetooth device name. If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified. If this policy is not set or it is deleted, the default local radio name is used. - +
@@ -247,7 +247,7 @@ If this policy is not set or it is deleted, the default local radio name is used **Bluetooth/ServicesAllowedList** - + @@ -269,8 +269,8 @@ If this policy is not set or it is deleted, the default local radio name is used
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -278,13 +278,13 @@ If this policy is not set or it is deleted, the default local radio name is used
- - + + Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}. The default value is an empty string. - +
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 5e4018865e..cb2b6f9db3 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -143,7 +143,7 @@ ms.date: 01/29/2018 **Browser/AllowAddressBarDropdown** - + @@ -165,8 +165,8 @@ ms.date: 01/29/2018
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -175,8 +175,8 @@ ms.date: 01/29/2018
- - + + Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  > [!NOTE] @@ -184,7 +184,7 @@ Added in Windows 10, version 1703. Specifies whether to allow the address bar dr Most restricted value is 0. - + The following list shows the supported values: @@ -199,7 +199,7 @@ The following list shows the supported values: **Browser/AllowAutofill** - + @@ -221,8 +221,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -231,8 +231,8 @@ The following list shows the supported values:
- - + + Specifies whether autofill on websites is allowed. Most restricted value is 0. @@ -244,7 +244,7 @@ To verify AllowAutofill is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Save form entries** is greyed out. - + The following list shows the supported values: @@ -259,7 +259,7 @@ The following list shows the supported values: **Browser/AllowBrowser** - + @@ -281,8 +281,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -291,8 +291,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. @@ -303,7 +303,7 @@ Most restricted value is 0. When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. - + The following list shows the supported values: @@ -318,7 +318,7 @@ The following list shows the supported values: **Browser/AllowCookies** - + @@ -340,8 +340,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -350,8 +350,8 @@ The following list shows the supported values:
- - + + Specifies whether cookies are allowed. The following list shows the supported values: @@ -368,7 +368,7 @@ To verify AllowCookies is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Cookies** is greyed out. - +
@@ -376,7 +376,7 @@ To verify AllowCookies is set to 0 (not allowed): **Browser/AllowDeveloperTools** - + @@ -398,8 +398,8 @@ To verify AllowCookies is set to 0 (not allowed):
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -408,8 +408,8 @@ To verify AllowCookies is set to 0 (not allowed):
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -418,7 +418,7 @@ Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turni Most restricted value is 0. - + The following list shows the supported values: @@ -433,7 +433,7 @@ The following list shows the supported values: **Browser/AllowDoNotTrack** - + @@ -455,8 +455,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -465,8 +465,8 @@ The following list shows the supported values:
- - + + Specifies whether Do Not Track headers are allowed. Most restricted value is 1. @@ -478,7 +478,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Send Do Not Track requests** is greyed out. - + The following list shows the supported values: @@ -493,7 +493,7 @@ The following list shows the supported values: **Browser/AllowExtensions** - + @@ -515,8 +515,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -525,11 +525,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed. - + The following list shows the supported values: @@ -544,7 +544,7 @@ The following list shows the supported values: **Browser/AllowFlash** - + @@ -566,8 +566,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -576,11 +576,11 @@ The following list shows the supported values:
- - + + Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge. - + The following list shows the supported values: @@ -595,7 +595,7 @@ The following list shows the supported values: **Browser/AllowFlashClickToRun** - + @@ -617,8 +617,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -627,11 +627,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. - + The following list shows the supported values: @@ -646,7 +646,7 @@ The following list shows the supported values: **Browser/AllowInPrivate** - + @@ -668,8 +668,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -678,13 +678,13 @@ The following list shows the supported values:
- - + + Specifies whether InPrivate browsing is allowed on corporate networks. Most restricted value is 0. - + The following list shows the supported values: @@ -699,7 +699,7 @@ The following list shows the supported values: **Browser/AllowMicrosoftCompatibilityList** - + @@ -721,8 +721,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -731,8 +731,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". @@ -740,7 +740,7 @@ If you enable or don’t configure this setting, Microsoft Edge periodically dow Most restricted value is 0. - + The following list shows the supported values: @@ -755,7 +755,7 @@ The following list shows the supported values: **Browser/AllowPasswordManager** - + @@ -777,8 +777,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -787,8 +787,8 @@ The following list shows the supported values:
- - + + Specifies whether saving and managing passwords locally on the device is allowed. Most restricted value is 0. @@ -800,7 +800,7 @@ To verify AllowPasswordManager is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out. - + The following list shows the supported values: @@ -815,7 +815,7 @@ The following list shows the supported values: **Browser/AllowPopups** - + @@ -837,8 +837,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -847,8 +847,8 @@ The following list shows the supported values:
- - + + Specifies whether pop-up blocker is allowed or enabled. Most restricted value is 1. @@ -860,7 +860,7 @@ To verify AllowPopups is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Block pop-ups** is greyed out. - + The following list shows the supported values: @@ -875,7 +875,7 @@ The following list shows the supported values: **Browser/AllowSearchEngineCustomization** - + @@ -897,8 +897,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -907,15 +907,15 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.     If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy).  Most restricted value is 0. - + The following list shows the supported values: @@ -930,7 +930,7 @@ The following list shows the supported values: **Browser/AllowSearchSuggestionsinAddressBar** - + @@ -952,8 +952,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -962,13 +962,13 @@ The following list shows the supported values:
- - + + Specifies whether search suggestions are allowed in the address bar. Most restricted value is 0. - + The following list shows the supported values: @@ -983,7 +983,7 @@ The following list shows the supported values: **Browser/AllowSmartScreen** - + @@ -1005,8 +1005,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1015,8 +1015,8 @@ The following list shows the supported values:
- - + + Specifies whether Windows Defender SmartScreen is allowed. Most restricted value is 1. @@ -1028,7 +1028,7 @@ To verify AllowSmartScreen is set to 0 (not allowed): 3. Click **Settings** in the drop down list, and select **View Advanced Settings**. 4. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out. - + The following list shows the supported values: @@ -1043,7 +1043,7 @@ The following list shows the supported values: **Browser/AlwaysEnableBooksLibrary** - + @@ -1065,8 +1065,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1075,11 +1075,11 @@ The following list shows the supported values:
- - + + Added in Windows 10, next majot update. Always show the Books Library in Microsoft Edge - + The following list shows the supported values: @@ -1094,7 +1094,7 @@ The following list shows the supported values: **Browser/ClearBrowsingDataOnExit** - + @@ -1116,8 +1116,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1126,8 +1126,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. Most restricted value is 1. @@ -1138,7 +1138,7 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set 2. Close the Microsoft Edge window. 3. Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history. - + The following list shows the supported values: @@ -1153,7 +1153,7 @@ The following list shows the supported values: **Browser/ConfigureAdditionalSearchEngines** - + @@ -1175,8 +1175,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1185,8 +1185,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.    If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). @@ -1204,7 +1204,7 @@ The following list shows the supported values: Most restricted value is 0. - +
@@ -1212,7 +1212,7 @@ Most restricted value is 0. **Browser/DisableLockdownOfStartPages** - + @@ -1234,8 +1234,8 @@ Most restricted value is 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1244,8 +1244,8 @@ Most restricted value is 0.
- - + + Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.     > [!NOTE] @@ -1256,7 +1256,7 @@ Added in Windows 10, version 1703. Boolean value that specifies whether the lock Most restricted value is 0. - + The following list shows the supported values: @@ -1271,7 +1271,7 @@ The following list shows the supported values: **Browser/EnableExtendedBooksTelemetry** - + @@ -1293,8 +1293,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1303,13 +1303,13 @@ The following list shows the supported values:
- - + + This policy setting lets you decide how much data to send to Microsoft about the book you're reading from the Books tab in Microsoft Edge. If you enable this setting, Microsoft Edge sends additional telemetry data, on top of the basic telemetry data, from the Books tab. If you disable or don't configure this setting, Microsoft Edge only sends basic telemetry data, depending on your device configuration. - + The following list shows the supported values: @@ -1324,7 +1324,7 @@ The following list shows the supported values: **Browser/EnterpriseModeSiteList** - + @@ -1346,8 +1346,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1356,8 +1356,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1369,7 +1369,7 @@ The following list shows the supported values: - Not configured. The device checks for updates from Microsoft Update. - Set to a URL location of the enterprise site list. - +
@@ -1377,7 +1377,7 @@ The following list shows the supported values: **Browser/EnterpriseSiteListServiceUrl** - + @@ -1399,8 +1399,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1409,12 +1409,12 @@ The following list shows the supported values:
- - + + > [!IMPORTANT] > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist). - +
@@ -1422,7 +1422,7 @@ The following list shows the supported values: **Browser/FirstRunURL** - + @@ -1444,8 +1444,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1454,8 +1454,8 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -1466,7 +1466,7 @@ The data type is a string. The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”. - +
@@ -1474,7 +1474,7 @@ The default value is an empty string. Otherwise, the string should contain the U **Browser/HomePages** - + @@ -1496,8 +1496,8 @@ The default value is an empty string. Otherwise, the string should contain the U
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1506,8 +1506,8 @@ The default value is an empty string. Otherwise, the string should contain the U
- - + + > [!NOTE] > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -1520,7 +1520,7 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi > [!NOTE] > Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings. - +
@@ -1528,7 +1528,7 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi **Browser/LockdownFavorites** - + @@ -1550,8 +1550,8 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1560,8 +1560,8 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi
- - + + Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you enable this setting, employees won't be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. @@ -1573,7 +1573,7 @@ If you disable or don't configure this setting (default), employees can add, imp Data type is integer. - + The following list shows the supported values: @@ -1588,7 +1588,7 @@ The following list shows the supported values: **Browser/PreventAccessToAboutFlagsInMicrosoftEdge** - + @@ -1610,8 +1610,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1620,11 +1620,11 @@ The following list shows the supported values:
- - + + Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features. - + The following list shows the supported values: @@ -1639,7 +1639,7 @@ The following list shows the supported values: **Browser/PreventFirstRunPage** - + @@ -1661,8 +1661,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1671,13 +1671,13 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. Most restricted value is 1. - + The following list shows the supported values: @@ -1692,7 +1692,7 @@ The following list shows the supported values: **Browser/PreventLiveTileDataCollection** - + @@ -1714,8 +1714,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1724,13 +1724,13 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. Most restricted value is 1. - + The following list shows the supported values: @@ -1745,7 +1745,7 @@ The following list shows the supported values: **Browser/PreventSmartScreenPromptOverride** - + @@ -1767,8 +1767,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1777,13 +1777,13 @@ The following list shows the supported values:
- - + + Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site. - + The following list shows the supported values: @@ -1798,7 +1798,7 @@ The following list shows the supported values: **Browser/PreventSmartScreenPromptOverrideForFiles** - + @@ -1820,8 +1820,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1830,11 +1830,11 @@ The following list shows the supported values:
- - + + Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process. - + The following list shows the supported values: @@ -1849,7 +1849,7 @@ The following list shows the supported values: **Browser/PreventUsingLocalHostIPAddressForWebRTC** - + @@ -1871,8 +1871,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1881,15 +1881,15 @@ The following list shows the supported values:
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an user’s localhost IP address while making phone calls using WebRTC. - + The following list shows the supported values: @@ -1904,7 +1904,7 @@ The following list shows the supported values: **Browser/ProvisionFavorites** - + @@ -1926,8 +1926,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1936,8 +1936,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines.   URL can be specified as: @@ -1953,7 +1953,7 @@ If you disable or don't configure this setting, employees will see the favorites Data type is string. - +
@@ -1961,7 +1961,7 @@ Data type is string. **Browser/SendIntranetTraffictoInternetExplorer** - + @@ -1983,8 +1983,8 @@ Data type is string.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1993,8 +1993,8 @@ Data type is string.
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2003,7 +2003,7 @@ Specifies whether to send intranet traffic over to Internet Explorer. Most restricted value is 0. - + The following list shows the supported values: @@ -2018,7 +2018,7 @@ The following list shows the supported values: **Browser/SetDefaultSearchEngine** - + @@ -2040,8 +2040,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2050,8 +2050,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING.  @@ -2068,7 +2068,7 @@ The following list shows the supported values: Most restricted value is 0. - +
@@ -2076,7 +2076,7 @@ Most restricted value is 0. **Browser/ShowMessageWhenOpeningSitesInInternetExplorer** - + @@ -2098,8 +2098,8 @@ Most restricted value is 0.
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2108,8 +2108,8 @@ Most restricted value is 0.
- - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -2118,7 +2118,7 @@ Added in Windows 10, version 1607. Specifies whether users should see a full in Most restricted value is 0. - + The following list shows the supported values: @@ -2133,7 +2133,7 @@ The following list shows the supported values: **Browser/SyncFavoritesBetweenIEAndMicrosoftEdge** - + @@ -2155,8 +2155,8 @@ The following list shows the supported values:
Home
- - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2165,8 +2165,8 @@ The following list shows the supported values:
- - + + Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. > [!NOTE] @@ -2182,7 +2182,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
  • Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge. - + The following list shows the supported values: @@ -2197,7 +2197,7 @@ The following list shows the supported values: **Browser/UseSharedFolderForBooks** - + @@ -2219,8 +2219,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2229,11 +2229,11 @@ The following list shows the supported values:
    - - + + This setting specifies whether organizations should use a folder shared across users to store books from the Books Library. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 6e910bd0ff..d92acc51af 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Camera/AllowCamera** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,13 +61,13 @@ ms.date: 01/29/2018
    - - + + Disables or enables the camera. Most restricted value is 0. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index c1be290991..8fd91336fe 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Cellular/LetAppsAccessCellularData** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. This policy setting specifies whether Windows apps can access cellular data. You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. @@ -89,7 +89,7 @@ If you disable or do not configure this policy setting, employees in your organi If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.” - + The following list shows the supported values: @@ -105,7 +105,7 @@ The following list shows the supported values: **Cellular/LetAppsAccessCellularData_ForceAllowTheseApps** - + @@ -127,8 +127,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -136,11 +136,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    @@ -148,7 +148,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N **Cellular/LetAppsAccessCellularData_ForceDenyTheseApps** - + @@ -170,8 +170,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -179,11 +179,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    @@ -191,7 +191,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N **Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps** - + @@ -213,8 +213,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -222,11 +222,11 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string. - +
    @@ -234,7 +234,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N **Cellular/ShowAppCellularAccessUI** - + @@ -256,8 +256,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -265,8 +265,8 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
    - - + + This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX. If this policy setting is enabled, a drop-down list box presenting possible values will be active. Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page. @@ -278,7 +278,7 @@ Supported values: - 0 - Hide - 1 - Show - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -286,14 +286,14 @@ Supported values: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set Per-App Cellular Access UI Visibility* - GP name: *ShowAppCellularAccessUI* - GP path: *Network/WWAN Service/WWAN UI Settings* - GP ADMX file name: *wwansvc.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index e121d2f02c..537f8beffa 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -69,7 +69,7 @@ ms.date: 01/29/2018 **Connectivity/AllowBluetooth** - + @@ -91,8 +91,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -100,8 +100,8 @@ ms.date: 01/29/2018
    - - + + Allows the user to enable Bluetooth or restrict access. > [!NOTE] @@ -111,7 +111,7 @@ If this is not set or it is deleted, the default value of 2 (Allow) is used. Most restricted value is 0. - + The following list shows the supported values: @@ -127,7 +127,7 @@ The following list shows the supported values: **Connectivity/AllowCellularData** - + @@ -149,8 +149,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -158,11 +158,11 @@ The following list shows the supported values:
    - - + + Allows the cellular data channel on the device. Device reboot is not required to enforce the policy. - + The following list shows the supported values: @@ -178,7 +178,7 @@ The following list shows the supported values: **Connectivity/AllowCellularDataRoaming** - + @@ -200,8 +200,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -209,13 +209,13 @@ The following list shows the supported values:
    - - + + Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy. Most restricted value is 0. - + The following list shows the supported values: @@ -241,7 +241,7 @@ To validate on mobile devices, do the following: **Connectivity/AllowConnectedDevices** - + @@ -263,8 +263,8 @@ To validate on mobile devices, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -272,14 +272,14 @@ To validate on mobile devices, do the following:
    - - + + > [!NOTE] > This policy requires reboot to take effect. Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences. - + The following list shows the supported values: @@ -294,7 +294,7 @@ The following list shows the supported values: **Connectivity/AllowNFC** - + @@ -316,8 +316,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -325,8 +325,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -335,7 +335,7 @@ Allows or disallows near field communication (NFC) on the device. Most restricted value is 0. - + The following list shows the supported values: @@ -350,7 +350,7 @@ The following list shows the supported values: **Connectivity/AllowUSBConnection** - + @@ -372,8 +372,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -381,8 +381,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -393,7 +393,7 @@ Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy Most restricted value is 0. - + The following list shows the supported values: @@ -408,7 +408,7 @@ The following list shows the supported values: **Connectivity/AllowVPNOverCellular** - + @@ -430,8 +430,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -439,13 +439,13 @@ The following list shows the supported values:
    - - + + Specifies what type of underlying connections VPN is allowed to use. Most restricted value is 0. - + The following list shows the supported values: @@ -460,7 +460,7 @@ The following list shows the supported values: **Connectivity/AllowVPNRoamingOverCellular** - + @@ -482,8 +482,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -491,13 +491,13 @@ The following list shows the supported values:
    - - + + Prevents the device from connecting to VPN when the device roams over cellular networks. Most restricted value is 0. - + The following list shows the supported values: @@ -512,7 +512,7 @@ The following list shows the supported values: **Connectivity/DiablePrintingOverHTTP** - + @@ -534,8 +534,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -543,10 +543,10 @@ The following list shows the supported values:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -554,14 +554,14 @@ The following list shows the supported values: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off printing over HTTP* - GP name: *DisableHTTPPrinting_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* - +
    @@ -569,7 +569,7 @@ ADMX Info: **Connectivity/DisableDownloadingOfPrintDriversOverHTTP** - + @@ -591,8 +591,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -600,10 +600,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -611,14 +611,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off downloading of print drivers over HTTP* - GP name: *DisableWebPnPDownload_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* - +
    @@ -626,7 +626,7 @@ ADMX Info: **Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** - + @@ -648,8 +648,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -657,10 +657,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -668,14 +668,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Internet download for Web publishing and online ordering wizards* - GP name: *ShellPreventWPWDownload_2* - GP path: *Internet Communication settings* - GP ADMX file name: *ICM.admx* - +
    @@ -683,7 +683,7 @@ ADMX Info: **Connectivity/DisallowNetworkConnectivityActiveTests** - + @@ -705,8 +705,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -714,13 +714,13 @@ ADMX Info:
    - - + + Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com. Value type is integer. - +
    @@ -728,7 +728,7 @@ Value type is integer. **Connectivity/HardenedUNCPaths** - + @@ -750,8 +750,8 @@ Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -759,13 +759,13 @@ Value type is integer.
    - - + + This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -773,14 +773,14 @@ If you enable this policy, Windows only allows access to the specified UNC paths > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Hardened UNC Paths* - GP name: *Pol_HardenedPaths* - GP path: *Network/Network Provider* - GP ADMX file name: *networkprovider.admx* - +
    @@ -788,7 +788,7 @@ ADMX Info: **Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** - + @@ -810,8 +810,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -819,10 +819,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -830,14 +830,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* - GP name: *NC_AllowNetBridge_NLA* - GP path: *Network/Network Connections* - GP ADMX file name: *NetworkConnections.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 50f47bd8ee..2adc69c9bb 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -32,7 +32,7 @@ ms.date: 01/29/2018 **ControlPolicyConflict/MDMWinsOverGP** - + @@ -54,8 +54,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -63,8 +63,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device. This policy is used to ensure that MDM policy wins over GP when same setting is set by both GP and MDM channel. This policy doesn’t support Delete command. This policy doesn’t support setting the value to be 0 again after it was previously set 1. The default value is 0. In next major update, the MDM policies in Policy CSP will behave as described if this policy value is set 1. @@ -75,7 +75,7 @@ The policy should be set at every sync to ensure the device removes any settings - The current Policy Manager policies are refreshed from what MDM has set - Any values set by scripts/user outside of GP that conflict with MDM are removed - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index f7c8f906c5..7b5579ff02 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **CredentialProviders/AllowPINLogon** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to control whether a domain user can sign in using a convenience PIN. If you enable this policy setting, a domain user can set up and sign in with a convenience PIN. @@ -79,7 +79,7 @@ Note: The user's domain password will be cached in the system vault when using t To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -87,14 +87,14 @@ To configure Windows Hello for Business, use the Administrative Template policie > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on convenience PIN sign-in* - GP name: *AllowDomainPINLogon* - GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* - +
    @@ -102,7 +102,7 @@ ADMX Info: **CredentialProviders/BlockPicturePassword** - + @@ -124,8 +124,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -133,8 +133,8 @@ ADMX Info:
    - - + + This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy setting, a domain user can't set up or sign in with a picture password. @@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, a domain user can set up Note that the user's domain password will be cached in the system vault when using this feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -151,14 +151,14 @@ Note that the user's domain password will be cached in the system vault when usi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off picture password sign-in* - GP name: *BlockDomainPicturePassword* - GP path: *System/Logon* - GP ADMX file name: *credentialproviders.admx* - +
    @@ -166,7 +166,7 @@ ADMX Info: **CredentialProviders/DisableAutomaticReDeploymentCredentials** - + @@ -188,8 +188,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -197,13 +197,13 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Automatic ReDeployment feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index f3cedd07cc..f8e1d19c97 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **CredentialsUI/DisablePasswordReveal** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -65,8 +65,8 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box. @@ -77,7 +77,7 @@ By default, the password reveal button is displayed after a user types a passwor The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -85,14 +85,14 @@ The policy applies to all Windows components and applications that use the Windo > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not display the password reveal button* - GP name: *DisablePasswordReveal* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* - +
    @@ -100,7 +100,7 @@ ADMX Info: **CredentialsUI/EnumerateAdministrators** - + @@ -122,8 +122,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -131,15 +131,15 @@ ADMX Info:
    - - + + This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application. If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, users will always be required to type a user name and password to elevate. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -147,14 +147,14 @@ If you disable this policy setting, users will always be required to type a user > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enumerate administrator accounts on elevation* - GP name: *EnumerateAdministrators* - GP path: *Windows Components/Credential User Interface* - GP ADMX file name: *credui.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 921ef9f0a0..4908b2af8e 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Cryptography/AllowFipsAlgorithmPolicy** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + Allows or disallows the Federal Information Processing Standard (FIPS) policy. The following list shows the supported values: @@ -73,7 +73,7 @@ The following list shows the supported values: - 0 (default) – Not allowed. - 1– Allowed. - +
    @@ -81,7 +81,7 @@ The following list shows the supported values: **Cryptography/TLSCipherSuites** - + @@ -103,8 +103,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -112,11 +112,11 @@ The following list shows the supported values:
    - - + + Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. - +
    diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 9fc7abd61d..c1a23ddc73 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **DataProtection/AllowDirectMemoryAccess** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,13 +64,13 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled. Most restricted value is 0. - + The following list shows the supported values: @@ -85,7 +85,7 @@ The following list shows the supported values: **DataProtection/LegacySelectiveWipeID** - + @@ -107,8 +107,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -116,8 +116,8 @@ The following list shows the supported values:
    - - + + > [!IMPORTANT] > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time. @@ -127,7 +127,7 @@ Setting used by Windows 8.1 Selective Wipe. > [!NOTE] > This policy is not recommended for use in Windows 10. - +
    diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index ca2c55abb5..da3f7e483a 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **DataUsage/SetCost3G** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + This policy setting configures the cost of 3G connections on the local machine. If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 3G connections on the local machine: @@ -78,7 +78,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -86,14 +86,14 @@ If this policy setting is disabled or is not configured, the cost of 3G connecti > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set 3G Cost* - GP name: *SetCost3G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* - +
    @@ -101,7 +101,7 @@ ADMX Info: **DataUsage/SetCost4G** - + @@ -123,8 +123,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -132,8 +132,8 @@ ADMX Info:
    - - + + This policy setting configures the cost of 4G connections on the local machine. If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine: @@ -146,7 +146,7 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -154,14 +154,14 @@ If this policy setting is disabled or is not configured, the cost of 4G connecti > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set 4G Cost* - GP name: *SetCost4G* - GP path: *Network/WWAN Service/WWAN Media Cost* - GP ADMX file name: *wwansvc.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index fc2c7798e6..f8ca333a92 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -132,7 +132,7 @@ ms.date: 01/29/2018 **Defender/AllowArchiveScanning** - + @@ -154,8 +154,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -163,8 +163,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -176,7 +176,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -184,7 +184,7 @@ The following list shows the supported values: **Defender/AllowBehaviorMonitoring** - + @@ -206,8 +206,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -215,8 +215,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -228,7 +228,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -236,7 +236,7 @@ The following list shows the supported values: **Defender/AllowCloudProtection** - + @@ -258,8 +258,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -267,8 +267,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -280,7 +280,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -288,7 +288,7 @@ The following list shows the supported values: **Defender/AllowEmailScanning** - + @@ -310,8 +310,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -319,8 +319,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -332,7 +332,7 @@ The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. - +
    @@ -340,7 +340,7 @@ The following list shows the supported values: **Defender/AllowFullScanOnMappedNetworkDrives** - + @@ -362,8 +362,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -371,8 +371,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -384,7 +384,7 @@ The following list shows the supported values: - 0 (default) – Not allowed. - 1 – Allowed. - +
    @@ -392,7 +392,7 @@ The following list shows the supported values: **Defender/AllowFullScanRemovableDriveScanning** - + @@ -414,8 +414,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -423,8 +423,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -436,7 +436,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -444,7 +444,7 @@ The following list shows the supported values: **Defender/AllowIOAVProtection** - + @@ -466,8 +466,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -475,8 +475,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -488,7 +488,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -496,7 +496,7 @@ The following list shows the supported values: **Defender/AllowIntrusionPreventionSystem** - + @@ -518,8 +518,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -527,8 +527,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -540,7 +540,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -548,7 +548,7 @@ The following list shows the supported values: **Defender/AllowOnAccessProtection** - + @@ -570,8 +570,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -579,8 +579,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -592,7 +592,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -600,7 +600,7 @@ The following list shows the supported values: **Defender/AllowRealtimeMonitoring** - + @@ -622,8 +622,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -631,8 +631,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -644,7 +644,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -652,7 +652,7 @@ The following list shows the supported values: **Defender/AllowScanningNetworkFiles** - + @@ -674,8 +674,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -683,8 +683,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -696,7 +696,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -704,7 +704,7 @@ The following list shows the supported values: **Defender/AllowScriptScanning** - + @@ -726,8 +726,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -735,8 +735,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -748,7 +748,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -756,7 +756,7 @@ The following list shows the supported values: **Defender/AllowUserUIAccess** - + @@ -778,8 +778,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -787,8 +787,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -800,7 +800,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -808,7 +808,7 @@ The following list shows the supported values: **Defender/AttackSurfaceReductionOnlyExclusions** - + @@ -830,8 +830,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -839,8 +839,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -849,7 +849,7 @@ Added in Windows 10, version 1709. This policy setting allows you to prevent Att Value type is string. - +
    @@ -857,7 +857,7 @@ Value type is string. **Defender/AttackSurfaceReductionRules** - + @@ -879,8 +879,8 @@ Value type is string.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -888,8 +888,8 @@ Value type is string.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -900,7 +900,7 @@ For more information about ASR rule ID and status ID, see [Enable Attack Surface Value type is string. - +
    @@ -908,7 +908,7 @@ Value type is string. **Defender/AvgCPULoadFactor** - + @@ -930,8 +930,8 @@ Value type is string.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -939,8 +939,8 @@ Value type is string.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -951,7 +951,7 @@ Valid values: 0–100 The default value is 50. - +
    @@ -959,7 +959,7 @@ The default value is 50. **Defender/CloudBlockLevel** - + @@ -981,8 +981,8 @@ The default value is 50.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -990,8 +990,8 @@ The default value is 50.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1005,7 +1005,7 @@ For more information about specific values that are supported, see the Windows D > [!Note] > This feature requires the "Join Microsoft MAPS" setting enabled in order to function. - + The following list shows the supported values: @@ -1022,7 +1022,7 @@ The following list shows the supported values: **Defender/CloudExtendedTimeout** - + @@ -1044,8 +1044,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1053,8 +1053,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1067,7 +1067,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se > [!Note] > This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required". - +
    @@ -1075,7 +1075,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se **Defender/ControlledFolderAccessAllowedApplications** - + @@ -1097,8 +1097,8 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1106,14 +1106,14 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications. Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the | as the substring separator. - +
    @@ -1121,7 +1121,7 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app **Defender/ControlledFolderAccessProtectedFolders** - + @@ -1143,8 +1143,8 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1152,14 +1152,14 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders. Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the | as the substring separator. - +
    @@ -1167,7 +1167,7 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci **Defender/DaysToRetainCleanedMalware** - + @@ -1189,8 +1189,8 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1198,8 +1198,8 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1210,7 +1210,7 @@ Valid values: 0–90 The default value is 0, which keeps items in quarantine, and does not automatically remove them. - +
    @@ -1218,7 +1218,7 @@ The default value is 0, which keeps items in quarantine, and does not automatica **Defender/EnableControlledFolderAccess** - + @@ -1240,8 +1240,8 @@ The default value is 0, which keeps items in quarantine, and does not automatica
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1249,14 +1249,14 @@ The default value is 0, which keeps items in quarantine, and does not automatica
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders and changed to EnableControlledFolderAccess. Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2. - + The following list shows the supported values: @@ -1272,7 +1272,7 @@ The following list shows the supported values: **Defender/EnableNetworkProtection** - + @@ -1294,8 +1294,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1303,8 +1303,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1316,7 +1316,7 @@ If you enable this policy with the ""Audit"" option, users/apps will not be bloc If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center. If you do not configure this policy, network blocking will be disabled by default. - + The following list shows the supported values: @@ -1332,7 +1332,7 @@ The following list shows the supported values: **Defender/ExcludedExtensions** - + @@ -1354,8 +1354,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1363,15 +1363,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop.   Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj". - +
    @@ -1379,7 +1379,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri **Defender/ExcludedPaths** - + @@ -1401,8 +1401,8 @@ Allows an administrator to specify a list of file type extensions to ignore duri
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1410,15 +1410,15 @@ Allows an administrator to specify a list of file type extensions to ignore duri
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1". - +
    @@ -1426,7 +1426,7 @@ Allows an administrator to specify a list of directory paths to ignore during a **Defender/ExcludedProcesses** - + @@ -1448,8 +1448,8 @@ Allows an administrator to specify a list of directory paths to ignore during a
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1457,8 +1457,8 @@ Allows an administrator to specify a list of directory paths to ignore during a
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1471,7 +1471,7 @@ Allows an administrator to specify a list of files opened by processes to ignore   Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe". - +
    @@ -1479,7 +1479,7 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E **Defender/PUAProtection** - + @@ -1501,8 +1501,8 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1510,8 +1510,8 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1524,7 +1524,7 @@ The following list shows the supported values: - 1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats. - 2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer. - +
    @@ -1532,7 +1532,7 @@ The following list shows the supported values: **Defender/RealTimeScanDirection** - + @@ -1554,8 +1554,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1563,8 +1563,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1581,7 +1581,7 @@ The following list shows the supported values: - 1 – Monitor incoming files. - 2 – Monitor outgoing files. - +
    @@ -1589,7 +1589,7 @@ The following list shows the supported values: **Defender/ScanParameter** - + @@ -1611,8 +1611,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1620,8 +1620,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1633,7 +1633,7 @@ The following list shows the supported values: - 1 (default) – Quick scan - 2 – Full scan - +
    @@ -1641,7 +1641,7 @@ The following list shows the supported values: **Defender/ScheduleQuickScanTime** - + @@ -1663,8 +1663,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1672,8 +1672,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1690,7 +1690,7 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an The default value is 120 - +
    @@ -1698,7 +1698,7 @@ The default value is 120 **Defender/ScheduleScanDay** - + @@ -1720,8 +1720,8 @@ The default value is 120
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1729,8 +1729,8 @@ The default value is 120
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1753,7 +1753,7 @@ The following list shows the supported values: - 7 – Sunday - 8 – No scheduled scan - +
    @@ -1761,7 +1761,7 @@ The following list shows the supported values: **Defender/ScheduleScanTime** - + @@ -1783,8 +1783,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1792,8 +1792,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1810,7 +1810,7 @@ For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, an The default value is 120. - +
    @@ -1818,7 +1818,7 @@ The default value is 120. **Defender/SignatureUpdateInterval** - + @@ -1840,8 +1840,8 @@ The default value is 120.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1849,8 +1849,8 @@ The default value is 120.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1863,7 +1863,7 @@ A value of 0 means no check for new signatures, a value of 1 means to check ever The default value is 8. - +
    @@ -1871,7 +1871,7 @@ The default value is 8. **Defender/SubmitSamplesConsent** - + @@ -1893,8 +1893,8 @@ The default value is 8.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1902,8 +1902,8 @@ The default value is 8.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop. @@ -1917,7 +1917,7 @@ The following list shows the supported values: - 2 – Never send. - 3 – Send all samples automatically. - +
    @@ -1925,7 +1925,7 @@ The following list shows the supported values: **Defender/ThreatSeverityDefaultAction** - + @@ -1947,8 +1947,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1956,8 +1956,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop.   @@ -1982,7 +1982,7 @@ The following list shows the supported values for possible actions: - 8 – User defined - 10 – Block - +
    diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 2489a17f31..44763626f4 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -101,7 +101,7 @@ ms.date: 01/29/2018 **DeliveryOptimization/DOAbsoluteMaxCacheSize** - + @@ -123,8 +123,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -132,8 +132,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -142,7 +142,7 @@ Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery The default value is 10. - +
    @@ -150,7 +150,7 @@ The default value is 10. **DeliveryOptimization/DOAllowVPNPeerCaching** - + @@ -172,8 +172,8 @@ The default value is 10.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -181,15 +181,15 @@ The default value is 10.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network. - + The following list shows the supported values: @@ -204,7 +204,7 @@ The following list shows the supported values: **DeliveryOptimization/DODelayBackgroundDownloadFromHttp** - + @@ -226,8 +226,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -235,13 +235,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. After the max delay is reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from peers. Note that a download that is waiting for peer sources, will appear to be stuck for the end user. The recommended value is 1 hour (3600). - +
    @@ -249,7 +249,7 @@ After the max delay is reached, the download will resume using HTTP, either down **DeliveryOptimization/DODelayForegroundDownloadFromHttp** - + @@ -271,8 +271,8 @@ After the max delay is reached, the download will resume using HTTP, either down
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -280,8 +280,8 @@ After the max delay is reached, the download will resume using HTTP, either down
    - - + + Added in Windows 10, next major update. This policy allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. After the max delay has reached, the download will resume using HTTP, either downloading the entire payload or complementing the bytes that could not be downloaded from Peers. @@ -290,7 +290,7 @@ Note that a download that is waiting for peer sources, will appear to be stuck f The recommended value is 1 minute (60). - + The following list shows the supported values as number of seconds: @@ -306,7 +306,7 @@ The following list shows the supported values as number of seconds: **DeliveryOptimization/DODownloadMode** - + @@ -328,8 +328,8 @@ The following list shows the supported values as number of seconds:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -337,15 +337,15 @@ The following list shows the supported values as number of seconds:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. - + The following list shows the supported values: @@ -364,7 +364,7 @@ The following list shows the supported values: **DeliveryOptimization/DOGroupId** - + @@ -386,8 +386,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -395,8 +395,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -406,7 +406,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this > [!NOTE] > You must use a GUID as the group ID. - +
    @@ -414,7 +414,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this **DeliveryOptimization/DOGroupIdSource** - + @@ -436,8 +436,8 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -445,8 +445,8 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this
    - - + + Added in Windows 10, next major update. Set this policy to restrict peer selection to a specific source. Options available are: 1 = AD Site, 2 = Authenticated domain SID, 3 = DHCP Option ID, 4 = DNS Suffix When set, the Group ID will be assigned automatically from the selected source. @@ -457,7 +457,7 @@ The options set in this policy only apply to Group (2) download mode. If Group ( For option 4 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. - + The following list shows the supported values: @@ -474,7 +474,7 @@ The following list shows the supported values: **DeliveryOptimization/DOMaxCacheAge** - + @@ -496,8 +496,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -505,8 +505,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -515,7 +515,7 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt The default value is 259200 seconds (3 days). - +
    @@ -523,7 +523,7 @@ The default value is 259200 seconds (3 days). **DeliveryOptimization/DOMaxCacheSize** - + @@ -545,8 +545,8 @@ The default value is 259200 seconds (3 days).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -554,8 +554,8 @@ The default value is 259200 seconds (3 days).
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -564,7 +564,7 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe The default value is 20. - +
    @@ -572,7 +572,7 @@ The default value is 20. **DeliveryOptimization/DOMaxDownloadBandwidth** - + @@ -594,8 +594,8 @@ The default value is 20.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -603,8 +603,8 @@ The default value is 20.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.   @@ -613,7 +613,7 @@ Added in Windows 10, version 1607. Specifies the maximum download bandwidth in The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads. - +
    @@ -621,7 +621,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts **DeliveryOptimization/DOMaxUploadBandwidth** - + @@ -643,8 +643,8 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -652,8 +652,8 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -662,7 +662,7 @@ Specifies the maximum upload bandwidth in KiloBytes/second that a device will us The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). - +
    @@ -670,7 +670,7 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo **DeliveryOptimization/DOMinBackgroundQos** - + @@ -692,8 +692,8 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -701,8 +701,8 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -711,7 +711,7 @@ Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality The default value is 500. - +
    @@ -719,7 +719,7 @@ The default value is 500. **DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload** - + @@ -741,8 +741,8 @@ The default value is 500.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -750,8 +750,8 @@ The default value is 500.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -759,7 +759,7 @@ Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in pe The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. - +
    @@ -767,7 +767,7 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser **DeliveryOptimization/DOMinDiskSizeAllowedToPeer** - + @@ -789,8 +789,8 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -798,8 +798,8 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -811,7 +811,7 @@ Added in Windows 10, version 1703. Specifies the required minimum disk size (cap The default value is 32 GB. - +
    @@ -819,7 +819,7 @@ The default value is 32 GB. **DeliveryOptimization/DOMinFileSizeToCache** - + @@ -841,8 +841,8 @@ The default value is 32 GB.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -850,8 +850,8 @@ The default value is 32 GB.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -860,7 +860,7 @@ Added in Windows 10, version 1703. Specifies the minimum content file size in MB The default value is 100 MB. - +
    @@ -868,7 +868,7 @@ The default value is 100 MB. **DeliveryOptimization/DOMinRAMAllowedToPeer** - + @@ -890,8 +890,8 @@ The default value is 100 MB.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -899,8 +899,8 @@ The default value is 100 MB.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -909,7 +909,7 @@ Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required The default value is 4 GB. - +
    @@ -917,7 +917,7 @@ The default value is 4 GB. **DeliveryOptimization/DOModifyCacheDrive** - + @@ -939,8 +939,8 @@ The default value is 4 GB.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -948,8 +948,8 @@ The default value is 4 GB.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -958,7 +958,7 @@ Added in Windows 10, version 1607. Specifies the drive that Delivery Optimizati By default, %SystemDrive% is used to store the cache. - +
    @@ -966,7 +966,7 @@ By default, %SystemDrive% is used to store the cache. **DeliveryOptimization/DOMonthlyUploadDataCap** - + @@ -988,8 +988,8 @@ By default, %SystemDrive% is used to store the cache.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -997,8 +997,8 @@ By default, %SystemDrive% is used to store the cache.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile. @@ -1009,7 +1009,7 @@ The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is The default value is 20. - +
    @@ -1017,7 +1017,7 @@ The default value is 20. **DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth** - + @@ -1039,8 +1039,8 @@ The default value is 20.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1048,13 +1048,13 @@ The default value is 20.
    - - + + Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. - +
    @@ -1062,10 +1062,10 @@ Note that downloads from LAN peers will not be throttled even when this policy i **DeliveryOptimization/DOPercentageMaxDownloadBandwidth** - + This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryoptimization-dopercentagemaxforedownloadbandwidth) and [DOPercentageMaxBackDownloadBandwidth](#deliveryoptimization-dopercentagemaxbackdownloadbandwidth) policies instead. - +
    @@ -1073,7 +1073,7 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo **DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth** - + @@ -1095,8 +1095,8 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1104,13 +1104,13 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo
    - - + + Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. Note that downloads from LAN peers will not be throttled even when this policy is set. - +
    @@ -1118,7 +1118,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i **DeliveryOptimization/DORestrictPeerSelectionBy** - + @@ -1140,8 +1140,8 @@ Note that downloads from LAN peers will not be throttled even when this policy i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1149,14 +1149,14 @@ Note that downloads from LAN peers will not be throttled even when this policy i
    - - + + Added in Windows 10, next major update. Set this policy to restrict peer selection via selected option. Options available are: 1=Subnet mask (more options will be added in a future release). Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2). - + The following list shows the supported values: @@ -1170,7 +1170,7 @@ The following list shows the supported values: **DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth** - + @@ -1192,8 +1192,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1201,13 +1201,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. - + This policy allows an IT Admin to define the following: @@ -1223,7 +1223,7 @@ This policy allows an IT Admin to define the following: **DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth** - + @@ -1245,8 +1245,8 @@ This policy allows an IT Admin to define the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1254,13 +1254,13 @@ This policy allows an IT Admin to define the following:
    - - + + Added in Windows 10, next major update. Specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. Note that downloads from LAN peers will not be throttled even when this policy is set. - + This policy allows an IT Admin to define the following: diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index bf93aa8e5e..fbbf63681d 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Desktop/PreventUserRedirectionOfProfileFolders** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,15 +61,15 @@ ms.date: 01/29/2018
    - - + + Prevents users from changing the path to their profile folders. By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box. If you enable this setting, users are unable to type a new location in the Target box. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -77,14 +77,14 @@ If you enable this setting, users are unable to type a new location in the Targe > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prohibit User from manually redirecting Profile Folders* - GP name: *DisablePersonalDirChange* - GP path: *Desktop* - GP ADMX file name: *desktop.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 7a77348d53..decc360200 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **DeviceGuard/EnableVirtualizationBasedSecurity** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,11 +67,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. - + The following list shows the supported values: @@ -86,7 +86,7 @@ The following list shows the supported values: **DeviceGuard/LsaCfgFlags** - + @@ -108,8 +108,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,11 +117,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. - + The following list shows the supported values: @@ -137,7 +137,7 @@ The following list shows the supported values: **DeviceGuard/RequirePlatformSecurityFeatures** - + @@ -159,8 +159,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -168,11 +168,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index efc8a18433..212324e984 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **DeviceInstallation/PreventInstallationOfMatchingDeviceIDs** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,15 +64,15 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -80,14 +80,14 @@ If you disable or do not configure this policy setting, devices can be installed > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent installation of devices that match any of these device IDs* - GP name: *DeviceInstall_IDs_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* - +
    @@ -95,7 +95,7 @@ ADMX Info: **DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses** - + @@ -117,8 +117,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -126,15 +126,15 @@ ADMX Info:
    - - + + This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -142,14 +142,14 @@ If you disable or do not configure this policy setting, Windows can install and > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent installation of devices using drivers that match these device setup classes* - GP name: *DeviceInstall_Classes_Deny* - GP path: *System/Device Installation/Device Installation Restrictions* - GP ADMX file name: *deviceinstallation.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 963e8714e8..8b22ded5b4 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -80,7 +80,7 @@ ms.date: 01/29/2018 **DeviceLock/AllowIdleReturnWithoutPassword** - + @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -111,8 +111,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -122,7 +122,7 @@ Specifies whether the user must input a PIN or password when the device resumes > [!NOTE] > This policy must be wrapped in an Atomic command. - + The following list shows the supported values: @@ -137,7 +137,7 @@ The following list shows the supported values: **DeviceLock/AllowScreenTimeoutWhileLockedUserConfig** - + @@ -159,8 +159,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -168,8 +168,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -188,7 +188,7 @@ The following list shows the supported values: > [!IMPORTANT] > If this policy is set to 1 (Allowed), the value set by **DeviceLock/ScreenTimeOutWhileLocked** is ignored. To ensure enterprise control over the screen timeout, set this policy to 0 (Not allowed) and use **DeviceLock/ScreenTimeOutWhileLocked** to set the screen timeout period. - +
    @@ -196,7 +196,7 @@ The following list shows the supported values: **DeviceLock/AllowSimpleDevicePassword** - + @@ -218,8 +218,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -227,8 +227,8 @@ The following list shows the supported values:
    - - + + Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. > [!NOTE] @@ -242,7 +242,7 @@ The following list shows the supported values: For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -250,7 +250,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/AlphanumericDevicePasswordRequired** - + @@ -272,8 +272,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -281,8 +281,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required). > [!NOTE] @@ -302,7 +302,7 @@ The following list shows the supported values: > > If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2. - +
    @@ -310,7 +310,7 @@ The following list shows the supported values: **DeviceLock/DevicePasswordEnabled** - + @@ -332,8 +332,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -341,8 +341,8 @@ The following list shows the supported values:
    - - + + Specifies whether device lock is enabled. > [!NOTE] @@ -390,7 +390,7 @@ The following list shows the supported values: > - MaxDevicePasswordFailedAttempts > - MaxInactivityTimeDeviceLock - +
    @@ -398,7 +398,7 @@ The following list shows the supported values: **DeviceLock/DevicePasswordExpiration** - + @@ -420,8 +420,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -429,8 +429,8 @@ The following list shows the supported values:
    - - + + Specifies when the password expires (in days). > [!NOTE] @@ -446,7 +446,7 @@ If all policy values = 0 then 0; otherwise, Min policy value is the most secure For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -454,7 +454,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/DevicePasswordHistory** - + @@ -476,8 +476,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -485,8 +485,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies how many passwords can be stored in the history that can’t be used. > [!NOTE] @@ -504,7 +504,7 @@ Max policy value is the most restricted. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -512,7 +512,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/EnforceLockScreenAndLogonImage** - + @@ -534,8 +534,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -543,8 +543,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image. > [!NOTE] @@ -553,7 +553,7 @@ Added in Windows 10, version 1607. Specifies the default lock screen and logon Value type is a string, which is the full image filepath and filename. - +
    @@ -561,7 +561,7 @@ Value type is a string, which is the full image filepath and filename. **DeviceLock/EnforceLockScreenProvider** - + @@ -583,8 +583,8 @@ Value type is a string, which is the full image filepath and filename.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -592,8 +592,8 @@ Value type is a string, which is the full image filepath and filename.
    - - + + Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider. > [!NOTE] @@ -602,7 +602,7 @@ Added in Windows 10, version 1607. Restricts lock screen image to a specific lo Value type is a string, which is the AppID. - +
    @@ -610,7 +610,7 @@ Value type is a string, which is the AppID. **DeviceLock/MaxDevicePasswordFailedAttempts** - + @@ -632,8 +632,8 @@ Value type is a string, which is the AppID.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -641,8 +641,8 @@ Value type is a string, which is the AppID.
    - - + + The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. > [!NOTE] @@ -665,7 +665,7 @@ Most secure value is 0 if all policy values = 0; otherwise, Min policy value is For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -673,7 +673,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MaxInactivityTimeDeviceLock** - + @@ -695,8 +695,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -704,8 +704,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy. > [!NOTE] @@ -719,7 +719,7 @@ The following list shows the supported values: For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx). - +
    @@ -727,7 +727,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay** - + @@ -749,8 +749,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -758,8 +758,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display. > [!NOTE] @@ -771,7 +771,7 @@ The following list shows the supported values: - An integer X where 0 <= X <= 999. - 0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined." - +
    @@ -779,7 +779,7 @@ The following list shows the supported values: **DeviceLock/MinDevicePasswordComplexCharacters** - + @@ -801,8 +801,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -810,8 +810,8 @@ The following list shows the supported values:
    - - + + The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. > [!NOTE] @@ -885,7 +885,7 @@ The enforcement of policies for Microsoft accounts happen on the server, and the For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - +
    @@ -893,7 +893,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MinDevicePasswordLength** - + @@ -915,8 +915,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -924,8 +924,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + Specifies the minimum number or characters required in the PIN or password. > [!NOTE] @@ -944,7 +944,7 @@ Max policy value is the most restricted. For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca). - +
    @@ -952,7 +952,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En **DeviceLock/MinimumPasswordAge** - + @@ -974,8 +974,8 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -983,15 +983,15 @@ For additional information about this policy, see [Exchange ActiveSync Policy En
    - - + + This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998. Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle through passwords repeatedly until they get to an old favorite. The default setting does not follow this recommendation, so that an administrator can specify a password for a user and then require the user to change the administrator-defined password when the user logs on. If the password history is set to 0, the user does not have to choose a new password. For this reason, Enforce password history is set to 1 by default. - +
    @@ -999,7 +999,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor **DeviceLock/PreventLockScreenSlideShow** - + @@ -1021,8 +1021,8 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1030,15 +1030,15 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
    - - + + Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default, users can enable a slide show that will run after they lock the machine. If you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1046,14 +1046,14 @@ If you enable this setting, users will no longer be able to modify slide show se > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent enabling lock screen slide show* - GP name: *CPL_Personalization_NoLockScreenSlideshow* - GP path: *Control Panel/Personalization* - GP ADMX file name: *ControlPanelDisplay.admx* - +
    @@ -1061,7 +1061,7 @@ ADMX Info: **DeviceLock/ScreenTimeoutWhileLocked** - + @@ -1083,8 +1083,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1092,8 +1092,8 @@ ADMX Info:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   @@ -1107,7 +1107,7 @@ The default value is 10. Most restricted value is 0. - +
    diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 278ae2808f..3921cace6c 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Display/TurnOffGdiDPIScalingForApps** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off. @@ -81,7 +81,7 @@ To validate on Desktop, do the following: 1. Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms. 2. Run the app and observe blurry text. - +
    @@ -89,7 +89,7 @@ To validate on Desktop, do the following: **Display/TurnOnGdiDPIScalingForApps** - + @@ -111,8 +111,8 @@ To validate on Desktop, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -120,8 +120,8 @@ To validate on Desktop, do the following:
    - - + + GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on. @@ -137,7 +137,7 @@ To validate on Desktop, do the following: 1. Configure the setting for an app which uses GDI. 2. Run the app and observe crisp text. - +
    diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index ed70c0cb02..6889a52380 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Education/DefaultPrinterName** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,13 +67,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer. The policy value is expected to be the name (network host name) of an installed printer. - +
    @@ -81,7 +81,7 @@ The policy value is expected to be the name (network host name) of an installed **Education/PreventAddingNewPrinters** - + @@ -103,8 +103,8 @@ The policy value is expected to be the name (network host name) of an installed
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -112,11 +112,11 @@ The policy value is expected to be the name (network host name) of an installed
    - - + + Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings. - + The following list shows the supported values: @@ -131,7 +131,7 @@ The following list shows the supported values: **Education/PrinterNames** - + @@ -153,8 +153,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -162,13 +162,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names). The policy value is expected to be a `````` seperated list of printer names. The OS will attempt to search and install the matching printer driver for each listed printer. - +
    diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 1a432f3397..38c3886970 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -45,7 +45,7 @@ ms.date: 01/29/2018 **EnterpriseCloudPrint/CloudPrintOAuthAuthority** - + @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -76,15 +76,15 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://azuretenant.contoso.com/adfs". - +
    @@ -92,7 +92,7 @@ The default value is an empty string. Otherwise, the value should contain the UR **EnterpriseCloudPrint/CloudPrintOAuthClientId** - + @@ -114,8 +114,8 @@ The default value is an empty string. Otherwise, the value should contain the UR
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,15 +123,15 @@ The default value is an empty string. Otherwise, the value should contain the UR
    - - + + Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714". - +
    @@ -139,7 +139,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID **EnterpriseCloudPrint/CloudPrintResourceId** - + @@ -161,8 +161,8 @@ The default value is an empty string. Otherwise, the value should contain a GUID
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -170,15 +170,15 @@ The default value is an empty string. Otherwise, the value should contain a GUID
    - - + + Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MicrosoftEnterpriseCloudPrint/CloudPrint". - +
    @@ -186,7 +186,7 @@ The default value is an empty string. Otherwise, the value should contain a URL. **EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint** - + @@ -208,8 +208,8 @@ The default value is an empty string. Otherwise, the value should contain a URL.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -217,15 +217,15 @@ The default value is an empty string. Otherwise, the value should contain a URL.
    - - + + Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https://cloudprinterdiscovery.contoso.com". - +
    @@ -233,7 +233,7 @@ The default value is an empty string. Otherwise, the value should contain the UR **EnterpriseCloudPrint/DiscoveryMaxPrinterLimit** - + @@ -255,8 +255,8 @@ The default value is an empty string. Otherwise, the value should contain the UR
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -264,15 +264,15 @@ The default value is an empty string. Otherwise, the value should contain the UR
    - - + + Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails. The datatype is an integer. For Windows Mobile, the default value is 20. - +
    @@ -280,7 +280,7 @@ For Windows Mobile, the default value is 20. **EnterpriseCloudPrint/MopriaDiscoveryResourceId** - + @@ -302,8 +302,8 @@ For Windows Mobile, the default value is 20.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -311,15 +311,15 @@ For Windows Mobile, the default value is 20.
    - - + + Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails. The datatype is a string. The default value is an empty string. Otherwise, the value should contain a URL. For example, "http://MopriaDiscoveryService/CloudPrint". - +
    diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 71b4c992f1..4f957acf78 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **ErrorReporting/CustomizeConsentSettings** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    - - + + This policy setting determines the consent behavior of Windows Error Reporting for specific event types. If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4. @@ -91,7 +91,7 @@ If you enable this policy setting, you can add specific event types to a list by If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -99,14 +99,14 @@ If you disable or do not configure this policy setting, then the default consent > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Customize consent settings* - GP name: *WerConsentCustomize_2* - GP path: *Windows Components/Windows Error Reporting/Consent* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -114,7 +114,7 @@ ADMX Info: **ErrorReporting/DisableWindowsErrorReporting** - + @@ -136,8 +136,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -145,15 +145,15 @@ ADMX Info:
    - - + + This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails. If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -161,14 +161,14 @@ If you disable or do not configure this policy setting, the Turn off Windows Err > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable Windows Error Reporting* - GP name: *WerDisable_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -176,7 +176,7 @@ ADMX Info: **ErrorReporting/DisplayErrorNotification** - + @@ -198,8 +198,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -207,8 +207,8 @@ ADMX Info:
    - - + + This policy setting controls whether users are shown an error dialog box that lets them report an error. If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error. @@ -219,7 +219,7 @@ If you do not configure this policy setting, users can change this setting in Co See also the Configure Error Reporting policy setting. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -227,14 +227,14 @@ See also the Configure Error Reporting policy setting. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Display Error Notification* - GP name: *PCH_ShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -242,7 +242,7 @@ ADMX Info: **ErrorReporting/DoNotSendAdditionalData** - + @@ -264,8 +264,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -273,15 +273,15 @@ ADMX Info:
    - - + + This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically. If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user. If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -289,14 +289,14 @@ If you disable or do not configure this policy setting, then consent policy sett > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not send additional data* - GP name: *WerNoSecondLevelData_2* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    @@ -304,7 +304,7 @@ ADMX Info: **ErrorReporting/PreventCriticalErrorDisplay** - + @@ -326,8 +326,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -335,15 +335,15 @@ ADMX Info:
    - - + + This policy setting prevents the display of the user interface for critical errors. If you enable this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors. If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -351,14 +351,14 @@ If you disable or do not configure this policy setting, Windows Error Reporting > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent display of the user interface for critical errors* - GP name: *WerDoNotShowUI* - GP path: *Windows Components/Windows Error Reporting* - GP ADMX file name: *ErrorReporting.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index c98738d293..961555b8fe 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -39,7 +39,7 @@ ms.date: 01/29/2018 **EventLogService/ControlEventLogBehavior** - + @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -70,8 +70,8 @@ ms.date: 01/29/2018
    - - + + This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. @@ -80,7 +80,7 @@ If you disable or do not configure this policy setting and a log file reaches it Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -88,14 +88,14 @@ Note: Old events may or may not be retained according to the "Backup log automat > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Control Event Log behavior when the log file reaches its maximum size* - GP name: *Channel_Log_Retention_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* - +
    @@ -103,7 +103,7 @@ ADMX Info: **EventLogService/SpecifyMaximumFileSizeApplicationLog** - + @@ -125,8 +125,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -134,15 +134,15 @@ ADMX Info:
    - - + + This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -150,14 +150,14 @@ If you disable or do not configure this policy setting, the maximum size of the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_1* - GP path: *Windows Components/Event Log Service/Application* - GP ADMX file name: *eventlog.admx* - +
    @@ -165,7 +165,7 @@ ADMX Info: **EventLogService/SpecifyMaximumFileSizeSecurityLog** - + @@ -187,8 +187,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -196,15 +196,15 @@ ADMX Info:
    - - + + This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -212,14 +212,14 @@ If you disable or do not configure this policy setting, the maximum size of the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_2* - GP path: *Windows Components/Event Log Service/Security* - GP ADMX file name: *eventlog.admx* - +
    @@ -227,7 +227,7 @@ ADMX Info: **EventLogService/SpecifyMaximumFileSizeSystemLog** - + @@ -249,8 +249,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -258,15 +258,15 @@ ADMX Info:
    - - + + This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -274,14 +274,14 @@ If you disable or do not configure this policy setting, the maximum size of the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the maximum log file size (KB)* - GP name: *Channel_LogMaxSize_4* - GP path: *Windows Components/Event Log Service/System* - GP ADMX file name: *eventlog.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index c8aaf83293..1ee67cf404 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -92,7 +92,7 @@ ms.date: 01/29/2018 **Experience/AllowCopyPaste** - + @@ -114,8 +114,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,8 +123,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -132,7 +132,7 @@ Specifies whether copy and paste is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -147,7 +147,7 @@ The following list shows the supported values: **Experience/AllowCortana** - + @@ -169,8 +169,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -178,13 +178,13 @@ The following list shows the supported values:
    - - + + Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device. Most restricted value is 0. - + The following list shows the supported values: @@ -199,7 +199,7 @@ The following list shows the supported values: **Experience/AllowDeviceDiscovery** - + @@ -221,8 +221,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -230,15 +230,15 @@ The following list shows the supported values:
    - - + + Allows users to turn on/off device discovery UX. When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on. Most restricted value is 0. - + The following list shows the supported values: @@ -253,7 +253,7 @@ The following list shows the supported values: **Experience/AllowFindMyDevice** - + @@ -275,8 +275,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -284,15 +284,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy turns on Find My Device. When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. In Windows 10, version 1709 devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer. When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. In Windows 10, version 1709 the user will not be able to view the location of the last use of their active digitizer on their device. - + The following list shows the supported values: @@ -307,7 +307,7 @@ The following list shows the supported values: **Experience/AllowManualMDMUnenrollment** - + @@ -329,8 +329,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -338,8 +338,8 @@ The following list shows the supported values:
    - - + + Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect. > [!NOTE] @@ -348,7 +348,7 @@ Specifies whether to allow the user to delete the workplace account using the wo Most restricted value is 0. - + The following list shows the supported values: @@ -363,7 +363,7 @@ The following list shows the supported values: **Experience/AllowSIMErrorDialogPromptWhenNoSIM** - + @@ -385,8 +385,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -394,15 +394,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. Specifies whether to display dialog prompt when no SIM card is detected. - + The following list shows the supported values: @@ -417,10 +417,10 @@ The following list shows the supported values: **Experience/AllowSaveAsOfOfficeFiles** - + This policy is deprecated. - +
    @@ -428,7 +428,7 @@ This policy is deprecated. **Experience/AllowScreenCapture** - + @@ -450,8 +450,8 @@ This policy is deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -459,8 +459,8 @@ This policy is deprecated.
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -469,7 +469,7 @@ Specifies whether screen capture is allowed. Most restricted value is 0. - + The following list shows the supported values: @@ -484,10 +484,10 @@ The following list shows the supported values: **Experience/AllowSharingOfOfficeFiles** - + This policy is deprecated. - +
    @@ -495,7 +495,7 @@ This policy is deprecated. **Experience/AllowSyncMySettings** - + @@ -517,8 +517,8 @@ This policy is deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -526,11 +526,11 @@ This policy is deprecated.
    - - + + Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices). - + The following list shows the supported values: @@ -545,7 +545,7 @@ The following list shows the supported values: **Experience/AllowTailoredExperiencesWithDiagnosticData** - + @@ -567,8 +567,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -576,8 +576,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -589,7 +589,7 @@ Diagnostic data can include browser, app and feature usage, depending on the "Di Most restricted value is 0. - + The following list shows the supported values: @@ -604,7 +604,7 @@ The following list shows the supported values: **Experience/AllowTaskSwitcher** - + @@ -626,8 +626,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -635,15 +635,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. Allows or disallows task switching on the device. - + The following list shows the supported values: @@ -658,7 +658,7 @@ The following list shows the supported values: **Experience/AllowThirdPartySuggestionsInWindowsSpotlight** - + @@ -680,8 +680,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -689,15 +689,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services. - + The following list shows the supported values: @@ -712,7 +712,7 @@ The following list shows the supported values: **Experience/AllowVoiceRecording** - + @@ -734,8 +734,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -743,8 +743,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -753,7 +753,7 @@ Specifies whether voice recording is allowed for apps. Most restricted value is 0. - + The following list shows the supported values: @@ -768,7 +768,7 @@ The following list shows the supported values: **Experience/AllowWindowsConsumerFeatures** - + @@ -790,8 +790,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -799,8 +799,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -809,7 +809,7 @@ This policy allows IT admins to turn on experiences that are typically for consu Most restricted value is 0. - + The following list shows the supported values: @@ -824,7 +824,7 @@ The following list shows the supported values: **Experience/AllowWindowsSpotlight** - + @@ -846,8 +846,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -855,8 +855,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only available for Windows 10 Enterprise and Windows 10 Education. @@ -865,7 +865,7 @@ Specifies whether to turn off all Windows spotlight features at once. If you ena Most restricted value is 0. - + The following list shows the supported values: @@ -880,7 +880,7 @@ The following list shows the supported values: **Experience/AllowWindowsSpotlightOnActionCenter** - + @@ -902,8 +902,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -911,8 +911,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -920,7 +920,7 @@ Added in Windows 10, version 1703. This policy allows administrators to prevent Most restricted value is 0. - + The following list shows the supported values: @@ -935,7 +935,7 @@ The following list shows the supported values: **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** - + @@ -957,8 +957,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -966,8 +966,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -976,7 +976,7 @@ The Windows welcome experience feature introduces onboard users to Windows; for Most restricted value is 0. - + The following list shows the supported values: @@ -991,7 +991,7 @@ The following list shows the supported values: **Experience/AllowWindowsTips** - + @@ -1013,8 +1013,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1022,11 +1022,11 @@ The following list shows the supported values:
    - - + + Enables or disables Windows Tips / soft landing. - + The following list shows the supported values: @@ -1041,7 +1041,7 @@ The following list shows the supported values: **Experience/ConfigureWindowsSpotlightOnLockScreen** - + @@ -1063,8 +1063,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1072,8 +1072,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only available for Windows 10 Enterprise and Windows 10 Education. @@ -1086,7 +1086,7 @@ The following list shows the supported values: - 1 (default) – Windows spotlight enabled. - 2 – placeholder only for future extension. Using this value has no effect. - +
    @@ -1094,7 +1094,7 @@ The following list shows the supported values: **Experience/DoNotShowFeedbackNotifications** - + @@ -1116,8 +1116,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1125,8 +1125,8 @@ The following list shows the supported values:
    - - + + Prevents devices from showing feedback questions from Microsoft. If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback. @@ -1138,7 +1138,7 @@ The following list shows the supported values: - 0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally. - 1 – Feedback notifications are disabled. - +
    diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index c5da5ddb2d..ba0ff86d79 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **ExploitGuard/ExploitProtectionSettings** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    - - + + Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml). The system settings require a reboot; the application settings do not require a reboot. @@ -92,7 +92,7 @@ Here is an example: ``` - +
    diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index d0db2bf70f..51f293f7b8 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Games/AllowAdvancedGamingServices** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,11 +61,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 98cb777d45..15016063fb 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Handwriting/PanelDefaultModeDocked** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel. The handwriting panel has 2 modes - floats near the text box, or docked to the bottom of the screen. The default configuration to is floating near text box. If you want the panel to be fixed or docked, use this policy to fix it to the bottom of the screen. @@ -71,7 +71,7 @@ In floating mode, the content is hidden behind a flying-in panel and results in The docked mode is especially useful in Kiosk mode where you do not expect the end-user to drag the flying-in panel out of the way. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 8eb6808dbe..2b29a32684 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -756,7 +756,7 @@ ms.date: 01/29/2018 **InternetExplorer/AddSearchProvider** - + @@ -778,8 +778,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -788,15 +788,15 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website. If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -804,14 +804,14 @@ If you disable or do not configure this policy setting, the user can configure t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Add a specific list of search providers to the user's list of search providers* - GP name: *AddSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -819,7 +819,7 @@ ADMX Info: **InternetExplorer/AllowActiveXFiltering** - + @@ -841,8 +841,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -851,15 +851,15 @@ ADMX Info:
    - - + + This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly. If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions. If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -867,14 +867,14 @@ If you disable or do not configure this policy setting, ActiveX Filtering is not > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on ActiveX Filtering* - GP name: *TurnOnActiveXFiltering* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -882,7 +882,7 @@ ADMX Info: **InternetExplorer/AllowAddOnList** - + @@ -904,8 +904,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -914,8 +914,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages. This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied. @@ -928,7 +928,7 @@ Value - A number indicating whether Internet Explorer should deny or allow the a If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -936,14 +936,14 @@ If you disable this policy setting, the list is deleted. The 'Deny all add-ons u > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Add-on List* - GP name: *AddonManagement_AddOnList* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -951,7 +951,7 @@ ADMX Info: **InternetExplorer/AllowAutoComplete** - + @@ -973,8 +973,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -982,10 +982,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -993,14 +993,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on the auto-complete feature for user names and passwords on forms* - GP name: *RestrictFormSuggestPW* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -1008,7 +1008,7 @@ ADMX Info: **InternetExplorer/AllowCertificateAddressMismatchWarning** - + @@ -1030,8 +1030,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1040,10 +1040,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1051,14 +1051,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on certificate address mismatch warning* - GP name: *IZ_PolicyWarnCertMismatch* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1066,7 +1066,7 @@ ADMX Info: **InternetExplorer/AllowDeletingBrowsingHistoryOnExit** - + @@ -1088,8 +1088,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1098,10 +1098,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1109,14 +1109,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow deleting browsing history on exit* - GP name: *DBHDisableDeleteOnExit* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* - +
    @@ -1124,7 +1124,7 @@ ADMX Info: **InternetExplorer/AllowEnhancedProtectedMode** - + @@ -1146,8 +1146,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1156,8 +1156,8 @@ ADMX Info:
    - - + + Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. @@ -1166,7 +1166,7 @@ If you disable this policy setting, Enhanced Protected Mode will be turned off. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1174,14 +1174,14 @@ If you do not configure this policy, users will be able to turn on or turn off E > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Enhanced Protected Mode* - GP name: *Advanced_EnableEnhancedProtectedMode* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1189,7 +1189,7 @@ ADMX Info: **InternetExplorer/AllowEnterpriseModeFromToolsMenu** - + @@ -1211,8 +1211,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1221,15 +1221,15 @@ ADMX Info:
    - - + + This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu. If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports. If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1237,14 +1237,14 @@ If you disable or don't configure this policy setting, the menu option won't app > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Let users turn on and use Enterprise Mode from the Tools menu* - GP name: *EnterpriseModeEnable* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -1252,7 +1252,7 @@ ADMX Info: **InternetExplorer/AllowEnterpriseModeSiteList** - + @@ -1274,8 +1274,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1284,15 +1284,15 @@ ADMX Info:
    - - + + This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list. If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE. If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1300,14 +1300,14 @@ If you disable or don't configure this policy setting, Internet Explorer opens a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use the Enterprise Mode IE website list* - GP name: *EnterpriseModeSiteList* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -1315,7 +1315,7 @@ ADMX Info: **InternetExplorer/AllowFallbackToSSL3** - + @@ -1337,8 +1337,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1346,10 +1346,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1357,14 +1357,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow fallback to SSL 3.0 (Internet Explorer)* - GP name: *Advanced_EnableSSL3Fallback* - GP path: *Windows Components/Internet Explorer/Security Features* - GP ADMX file name: *inetres.admx* - +
    @@ -1372,7 +1372,7 @@ ADMX Info: **InternetExplorer/AllowInternetExplorer7PolicyList** - + @@ -1394,8 +1394,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1404,15 +1404,15 @@ ADMX Info:
    - - + + This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View. If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify. If you disable or do not configure this policy setting, the user can add and remove sites from the list. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1420,14 +1420,14 @@ If you disable or do not configure this policy setting, the user can add and rem > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use Policy List of Internet Explorer 7 sites* - GP name: *CompatView_UsePolicyList* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* - +
    @@ -1435,7 +1435,7 @@ ADMX Info: **InternetExplorer/AllowInternetExplorerStandardsMode** - + @@ -1457,8 +1457,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1467,8 +1467,8 @@ ADMX Info:
    - - + + This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone. If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box. @@ -1477,7 +1477,7 @@ If you disable this policy setting, Internet Explorer uses an Internet Explorer If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1485,14 +1485,14 @@ If you do not configure this policy setting, Internet Explorer uses an Internet > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Internet Explorer Standards Mode for local intranet* - GP name: *CompatView_IntranetSites* - GP path: *Windows Components/Internet Explorer/Compatibility View* - GP ADMX file name: *inetres.admx* - +
    @@ -1500,7 +1500,7 @@ ADMX Info: **InternetExplorer/AllowInternetZoneTemplate** - + @@ -1522,8 +1522,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1532,8 +1532,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1546,7 +1546,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1554,14 +1554,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Zone Template* - GP name: *IZ_PolicyInternetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1569,7 +1569,7 @@ ADMX Info: **InternetExplorer/AllowIntranetZoneTemplate** - + @@ -1591,8 +1591,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1601,8 +1601,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1615,7 +1615,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1623,14 +1623,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1638,7 +1638,7 @@ ADMX Info: **InternetExplorer/AllowLocalMachineZoneTemplate** - + @@ -1660,8 +1660,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1670,8 +1670,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1684,7 +1684,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1692,14 +1692,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1707,7 +1707,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownInternetZoneTemplate** - + @@ -1729,8 +1729,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1739,8 +1739,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1753,7 +1753,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1761,14 +1761,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Internet Zone Template* - GP name: *IZ_PolicyInternetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1776,7 +1776,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownIntranetZoneTemplate** - + @@ -1798,8 +1798,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1808,8 +1808,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1822,7 +1822,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1830,14 +1830,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Intranet Zone Template* - GP name: *IZ_PolicyIntranetZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1845,7 +1845,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownLocalMachineZoneTemplate** - + @@ -1867,8 +1867,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1877,8 +1877,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1891,7 +1891,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1899,14 +1899,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Local Machine Zone Template* - GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1914,7 +1914,7 @@ ADMX Info: **InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate** - + @@ -1936,8 +1936,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1946,8 +1946,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -1960,7 +1960,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -1968,14 +1968,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -1983,7 +1983,7 @@ ADMX Info: **InternetExplorer/AllowOneWordEntry** - + @@ -2005,8 +2005,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2015,15 +2015,15 @@ ADMX Info:
    - - + + This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar. If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available. If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2031,14 +2031,14 @@ If you disable or do not configure this policy setting, Internet Explorer does n > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Go to an intranet site for a one-word entry in the Address bar* - GP name: *UseIntranetSiteForOneWordEntry* - GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing* - GP ADMX file name: *inetres.admx* - +
    @@ -2046,7 +2046,7 @@ ADMX Info: **InternetExplorer/AllowSiteToZoneAssignmentList** - + @@ -2068,8 +2068,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2078,8 +2078,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) @@ -2092,7 +2092,7 @@ Value - A number indicating the zone with which this site should be associated f If you disable or do not configure this policy, users may choose their own site-to-zone assignments. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2100,14 +2100,14 @@ If you disable or do not configure this policy, users may choose their own site- > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Site to Zone Assignment List* - GP name: *IZ_Zonemaps* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2115,7 +2115,7 @@ ADMX Info: **InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** - + @@ -2137,8 +2137,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2147,10 +2147,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2158,14 +2158,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow software to run or install even if the signature is invalid* - GP name: *Advanced_InvalidSignatureBlock* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2173,7 +2173,7 @@ ADMX Info: **InternetExplorer/AllowSuggestedSites** - + @@ -2195,8 +2195,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2205,8 +2205,8 @@ ADMX Info:
    - - + + This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit. If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions. @@ -2215,7 +2215,7 @@ If you disable this policy setting, the entry points and functionality associate If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2223,14 +2223,14 @@ If you do not configure this policy setting, the user can turn on and turn off t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Suggested Sites* - GP name: *EnableSuggestedSites* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2238,7 +2238,7 @@ ADMX Info: **InternetExplorer/AllowTrustedSitesZoneTemplate** - + @@ -2260,8 +2260,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2270,8 +2270,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2284,7 +2284,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2292,14 +2292,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2307,7 +2307,7 @@ ADMX Info: **InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate** - + @@ -2329,8 +2329,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2339,8 +2339,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2353,7 +2353,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2361,14 +2361,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Locked-Down Trusted Sites Zone Template* - GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2376,7 +2376,7 @@ ADMX Info: **InternetExplorer/AllowsRestrictedSitesZoneTemplate** - + @@ -2398,8 +2398,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2408,8 +2408,8 @@ ADMX Info:
    - - + + This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. @@ -2422,7 +2422,7 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2430,14 +2430,14 @@ Note. It is recommended to configure template policy settings in one Group Polic > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Restricted Sites Zone Template* - GP name: *IZ_PolicyRestrictedSitesZoneTemplate* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2445,7 +2445,7 @@ ADMX Info: **InternetExplorer/CheckServerCertificateRevocation** - + @@ -2467,8 +2467,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2477,10 +2477,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2488,14 +2488,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Check for server certificate revocation* - GP name: *Advanced_CertificateRevocation* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2503,7 +2503,7 @@ ADMX Info: **InternetExplorer/CheckSignaturesOnDownloadedPrograms** - + @@ -2525,8 +2525,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2535,10 +2535,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2546,14 +2546,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Check for signatures on downloaded programs* - GP name: *Advanced_DownloadSignatures* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -2561,7 +2561,7 @@ ADMX Info: **InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** - + @@ -2583,8 +2583,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2593,10 +2593,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2604,14 +2604,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_2* - GP path: *Windows Components/Internet Explorer/Security Features/Binary Behavior Security Restriction* - GP ADMX file name: *inetres.admx* - +
    @@ -2619,7 +2619,7 @@ ADMX Info: **InternetExplorer/DisableAdobeFlash** - + @@ -2641,8 +2641,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2651,8 +2651,8 @@ ADMX Info:
    - - + + This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. @@ -2661,7 +2661,7 @@ If you disable, or do not configure this policy setting, Flash is turned on for Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2669,14 +2669,14 @@ Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* - GP name: *DisableFlashInIE* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -2684,7 +2684,7 @@ ADMX Info: **InternetExplorer/DisableBypassOfSmartScreenWarnings** - + @@ -2706,8 +2706,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2716,15 +2716,15 @@ ADMX Info:
    - - + + This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious. If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2732,14 +2732,14 @@ If you disable or do not configure this policy setting, the user can bypass Smar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent bypassing SmartScreen Filter warnings* - GP name: *DisableSafetyFilterOverride* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2747,7 +2747,7 @@ ADMX Info: **InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles** - + @@ -2769,8 +2769,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2779,15 +2779,15 @@ ADMX Info:
    - - + + This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet. If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2795,14 +2795,14 @@ If you disable or do not configure this policy setting, the user can bypass Smar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* - GP name: *DisableSafetyFilterOverrideForAppRepUnknown* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2810,7 +2810,7 @@ ADMX Info: **InternetExplorer/DisableConfiguringHistory** - + @@ -2832,8 +2832,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2842,10 +2842,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2853,14 +2853,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable "Configuring History"* - GP name: *RestrictHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* - +
    @@ -2868,7 +2868,7 @@ ADMX Info: **InternetExplorer/DisableCrashDetection** - + @@ -2890,8 +2890,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2900,10 +2900,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2911,14 +2911,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off Crash Detection* - GP name: *AddonManagement_RestrictCrashDetection* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2926,7 +2926,7 @@ ADMX Info: **InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation** - + @@ -2948,8 +2948,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2958,8 +2958,8 @@ ADMX Info:
    - - + + This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP). If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. @@ -2968,7 +2968,7 @@ If you disable this policy setting, the user must participate in the CEIP, and t If you do not configure this policy setting, the user can choose to participate in the CEIP. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -2976,14 +2976,14 @@ If you do not configure this policy setting, the user can choose to participate > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent participation in the Customer Experience Improvement Program* - GP name: *SQM_DisableCEIP* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -2991,7 +2991,7 @@ ADMX Info: **InternetExplorer/DisableDeletingUserVisitedWebsites** - + @@ -3013,8 +3013,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3023,10 +3023,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3034,14 +3034,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent deleting websites that the user has visited* - GP name: *DBHDisableDeleteHistory* - GP path: *Windows Components/Internet Explorer/Delete Browsing History* - GP ADMX file name: *inetres.admx* - +
    @@ -3049,7 +3049,7 @@ ADMX Info: **InternetExplorer/DisableEnclosureDownloading** - + @@ -3071,8 +3071,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3081,15 +3081,15 @@ ADMX Info:
    - - + + This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer. If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3097,14 +3097,14 @@ If you disable or do not configure this policy setting, the user can set the Fee > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent downloading of enclosures* - GP name: *Disable_Downloading_of_Enclosures* - GP path: *Windows Components/RSS Feeds* - GP ADMX file name: *inetres.admx* - +
    @@ -3112,7 +3112,7 @@ ADMX Info: **InternetExplorer/DisableEncryptionSupport** - + @@ -3134,8 +3134,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3144,8 +3144,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match. If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. @@ -3154,7 +3154,7 @@ If you disable or do not configure this policy setting, the user can select whic Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3162,14 +3162,14 @@ Note: SSL 2.0 is off by default and is no longer supported starting with Windows > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off encryption support* - GP name: *Advanced_SetWinInetProtocols* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3177,7 +3177,7 @@ ADMX Info: **InternetExplorer/DisableFirstRunWizard** - + @@ -3199,8 +3199,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3209,8 +3209,8 @@ ADMX Info:
    - - + + This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. If you enable this policy setting, you must make one of the following choices: @@ -3221,7 +3221,7 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3229,14 +3229,14 @@ If you disable or do not configure this policy setting, Internet Explorer may ru > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent running First Run wizard* - GP name: *NoFirstRunCustomise* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3244,7 +3244,7 @@ ADMX Info: **InternetExplorer/DisableFlipAheadFeature** - + @@ -3266,8 +3266,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3276,8 +3276,8 @@ ADMX Info:
    - - + + This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop. @@ -3288,7 +3288,7 @@ If you disable this policy setting, flip ahead with page prediction is turned on If you don't configure this setting, users can turn this behavior on or off, using the Settings charm. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3296,14 +3296,14 @@ If you don't configure this setting, users can turn this behavior on or off, usi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the flip ahead with page prediction feature* - GP name: *Advanced_DisableFlipAhead* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3311,7 +3311,7 @@ ADMX Info: **InternetExplorer/DisableHomePageChange** - + @@ -3333,8 +3333,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3342,15 +3342,15 @@ ADMX Info:
    - - + + The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run. If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies. If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3358,14 +3358,14 @@ If you disable or do not configure this policy setting, the Home page box is ena > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable changing home page settings* - GP name: *RestrictHomePage* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3373,7 +3373,7 @@ ADMX Info: **InternetExplorer/DisableIgnoringCertificateErrors** - + @@ -3395,8 +3395,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3405,10 +3405,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3416,14 +3416,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent ignoring certificate errors* - GP name: *NoCertError* - GP path: *Windows Components/Internet Explorer/Internet Control Panel* - GP ADMX file name: *inetres.admx* - +
    @@ -3431,7 +3431,7 @@ ADMX Info: **InternetExplorer/DisableInPrivateBrowsing** - + @@ -3453,8 +3453,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3463,10 +3463,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3474,14 +3474,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off InPrivate Browsing* - GP name: *DisableInPrivateBrowsing* - GP path: *Windows Components/Internet Explorer/Privacy* - GP ADMX file name: *inetres.admx* - +
    @@ -3489,7 +3489,7 @@ ADMX Info: **InternetExplorer/DisableProcessesInEnhancedProtectedMode** - + @@ -3511,8 +3511,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3521,10 +3521,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3532,14 +3532,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* - GP name: *Advanced_EnableEnhancedProtectedMode64Bit* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3547,7 +3547,7 @@ ADMX Info: **InternetExplorer/DisableProxyChange** - + @@ -3569,8 +3569,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3579,15 +3579,15 @@ ADMX Info:
    - - + + This policy setting specifies if a user can change proxy settings. If you enable this policy setting, the user will not be able to configure proxy settings. If you disable or do not configure this policy setting, the user can configure proxy settings. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3595,14 +3595,14 @@ If you disable or do not configure this policy setting, the user can configure p > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent changing proxy settings* - GP name: *RestrictProxy* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3610,7 +3610,7 @@ ADMX Info: **InternetExplorer/DisableSearchProviderChange** - + @@ -3632,8 +3632,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3642,15 +3642,15 @@ ADMX Info:
    - - + + This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box. If you enable this policy setting, the user cannot change the default search provider. If you disable or do not configure this policy setting, the user can change the default search provider. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3658,14 +3658,14 @@ If you disable or do not configure this policy setting, the user can change the > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent changing the default search provider* - GP name: *NoSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3673,7 +3673,7 @@ ADMX Info: **InternetExplorer/DisableSecondaryHomePageChange** - + @@ -3695,8 +3695,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3705,8 +3705,8 @@ ADMX Info:
    - - + + Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages. If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages. @@ -3715,7 +3715,7 @@ If you disable or do not configure this policy setting, the user can add seconda Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3723,14 +3723,14 @@ Note: If the Disable Changing Home Page Settings policy is enabled, the user can > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable changing secondary home page settings* - GP name: *SecondaryHomePages* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3738,7 +3738,7 @@ ADMX Info: **InternetExplorer/DisableSecuritySettingsCheck** - + @@ -3760,8 +3760,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3770,10 +3770,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3781,14 +3781,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the Security Settings Check feature* - GP name: *Disable_Security_Settings_Check* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3796,7 +3796,7 @@ ADMX Info: **InternetExplorer/DisableUpdateCheck** - + @@ -3818,8 +3818,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3827,8 +3827,8 @@ ADMX Info:
    - - + + Prevents Internet Explorer from checking whether a new version of the browser is available. If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available. @@ -3837,7 +3837,7 @@ If you disable this policy or do not configure it, Internet Explorer checks ever This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3845,14 +3845,14 @@ This policy is intended to help the administrator maintain version control for I > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disable Periodic Check for Internet Explorer software updates* - GP name: *NoUpdateCheck* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3860,7 +3860,7 @@ ADMX Info: **InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** - + @@ -3882,8 +3882,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3892,10 +3892,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3903,14 +3903,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* - GP name: *Advanced_DisableEPMCompat* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page* - GP ADMX file name: *inetres.admx* - +
    @@ -3918,7 +3918,7 @@ ADMX Info: **InternetExplorer/DoNotAllowUsersToAddSites** - + @@ -3940,8 +3940,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3949,8 +3949,8 @@ ADMX Info:
    - - + + Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level. If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.) @@ -3963,7 +3963,7 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Ad Also, see the "Security zones: Use only machine settings" policy. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -3971,14 +3971,14 @@ Also, see the "Security zones: Use only machine settings" policy. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Security Zones: Do not allow users to add/delete sites* - GP name: *Security_zones_map_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -3986,7 +3986,7 @@ ADMX Info: **InternetExplorer/DoNotAllowUsersToChangePolicies** - + @@ -4008,8 +4008,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4017,8 +4017,8 @@ ADMX Info:
    - - + + Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled. @@ -4031,7 +4031,7 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Adm Also, see the "Security zones: Use only machine settings" policy. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4039,14 +4039,14 @@ Also, see the "Security zones: Use only machine settings" policy. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Security Zones: Do not allow users to change policies* - GP name: *Security_options_edit* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -4054,7 +4054,7 @@ ADMX Info: **InternetExplorer/DoNotBlockOutdatedActiveXControls** - + @@ -4076,8 +4076,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4086,8 +4086,8 @@ ADMX Info:
    - - + + This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this policy setting, Internet Explorer stops blocking outdated ActiveX controls. @@ -4096,7 +4096,7 @@ If you disable or don't configure this policy setting, Internet Explorer continu For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4104,14 +4104,14 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* - GP name: *VerMgmtDisable* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -4119,7 +4119,7 @@ ADMX Info: **InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains** - + @@ -4141,8 +4141,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4151,8 +4151,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone. If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: @@ -4165,7 +4165,7 @@ If you disable or don't configure this policy setting, the list is deleted and I For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4173,14 +4173,14 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* - GP name: *VerMgmtDomainAllowlist* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -4188,7 +4188,7 @@ ADMX Info: **InternetExplorer/IncludeAllLocalSites** - + @@ -4210,8 +4210,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4220,8 +4220,8 @@ ADMX Info:
    - - + + This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone. If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone. @@ -4230,7 +4230,7 @@ If you disable this policy setting, local sites which are not explicitly mapped If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4238,14 +4238,14 @@ If you do not configure this policy setting, users choose whether to force local > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* - GP name: *IZ_IncludeUnspecifiedLocalSites* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -4253,7 +4253,7 @@ ADMX Info: **InternetExplorer/IncludeAllNetworkPaths** - + @@ -4275,8 +4275,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4285,8 +4285,8 @@ ADMX Info:
    - - + + This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting, all network paths are mapped into the Intranet Zone. @@ -4295,7 +4295,7 @@ If you disable this policy setting, network paths are not necessarily mapped int If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4303,14 +4303,14 @@ If you do not configure this policy setting, users choose whether network paths > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Intranet Sites: Include all network paths (UNCs)* - GP name: *IZ_UNCAsIntranet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page* - GP ADMX file name: *inetres.admx* - +
    @@ -4318,7 +4318,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowAccessToDataSources** - + @@ -4340,8 +4340,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4350,8 +4350,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -4360,7 +4360,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4368,14 +4368,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4383,7 +4383,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -4405,8 +4405,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4415,8 +4415,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -4425,7 +4425,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4433,14 +4433,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4448,7 +4448,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -4470,8 +4470,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4480,15 +4480,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4496,14 +4496,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4511,7 +4511,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowCopyPasteViaScript** - + @@ -4533,8 +4533,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4543,10 +4543,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4554,14 +4554,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4569,7 +4569,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** - + @@ -4591,8 +4591,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4601,10 +4601,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4612,14 +4612,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4627,7 +4627,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowFontDownloads** - + @@ -4649,8 +4649,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4659,8 +4659,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -4669,7 +4669,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4677,14 +4677,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4692,7 +4692,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowLessPrivilegedSites** - + @@ -4714,8 +4714,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4724,8 +4724,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -4734,7 +4734,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4742,14 +4742,14 @@ If you do not configure this policy setting, Web sites from less privileged zone > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4757,7 +4757,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** - + @@ -4779,8 +4779,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4789,10 +4789,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4800,14 +4800,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4815,7 +4815,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** - + @@ -4837,8 +4837,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4847,8 +4847,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -4857,7 +4857,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4865,14 +4865,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4880,7 +4880,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** - + @@ -4902,8 +4902,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4912,10 +4912,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4923,14 +4923,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4938,7 +4938,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** - + @@ -4960,8 +4960,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -4970,10 +4970,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -4981,14 +4981,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -4996,7 +4996,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowScriptInitiatedWindows** - + @@ -5018,8 +5018,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5028,10 +5028,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5039,14 +5039,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5054,7 +5054,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** - + @@ -5076,8 +5076,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5086,10 +5086,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5097,14 +5097,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5112,7 +5112,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowScriptlets** - + @@ -5134,8 +5134,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5144,8 +5144,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -5154,7 +5154,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5162,14 +5162,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5177,7 +5177,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowSmartScreenIE** - + @@ -5199,8 +5199,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5209,8 +5209,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -5221,7 +5221,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5229,14 +5229,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5244,7 +5244,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** - + @@ -5266,8 +5266,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5276,10 +5276,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5287,14 +5287,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5302,7 +5302,7 @@ ADMX Info: **InternetExplorer/InternetZoneAllowUserDataPersistence** - + @@ -5324,8 +5324,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5334,8 +5334,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -5344,7 +5344,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5352,14 +5352,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5367,7 +5367,7 @@ ADMX Info: **InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -5389,8 +5389,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5399,10 +5399,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5410,14 +5410,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5425,7 +5425,7 @@ ADMX Info: **InternetExplorer/InternetZoneDownloadSignedActiveXControls** - + @@ -5447,8 +5447,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5457,10 +5457,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5468,14 +5468,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5483,7 +5483,7 @@ ADMX Info: **InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** - + @@ -5505,8 +5505,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5515,10 +5515,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5526,14 +5526,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5541,7 +5541,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** - + @@ -5563,8 +5563,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5573,10 +5573,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5584,14 +5584,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5599,7 +5599,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** - + @@ -5621,8 +5621,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5631,10 +5631,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5642,14 +5642,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5657,7 +5657,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** - + @@ -5679,8 +5679,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5689,10 +5689,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5700,14 +5700,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5715,7 +5715,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableMIMESniffing** - + @@ -5737,8 +5737,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5747,10 +5747,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5758,14 +5758,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5773,7 +5773,7 @@ ADMX Info: **InternetExplorer/InternetZoneEnableProtectedMode** - + @@ -5795,8 +5795,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5805,10 +5805,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5816,14 +5816,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5831,7 +5831,7 @@ ADMX Info: **InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** - + @@ -5853,8 +5853,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5863,10 +5863,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5874,14 +5874,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5889,7 +5889,7 @@ ADMX Info: **InternetExplorer/InternetZoneInitializeAndScriptActiveXControls** - + @@ -5911,8 +5911,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -5921,8 +5921,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -5933,7 +5933,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -5941,14 +5941,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -5956,7 +5956,7 @@ ADMX Info: **InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** - + @@ -5978,10 +5978,10 @@ ADMX Info:
    Home
    - - + + - +
    @@ -5989,7 +5989,7 @@ ADMX Info: **InternetExplorer/InternetZoneJavaPermissions** - + @@ -6011,8 +6011,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6021,10 +6021,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6032,14 +6032,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6047,7 +6047,7 @@ ADMX Info: **InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** - + @@ -6069,8 +6069,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6079,10 +6079,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6090,14 +6090,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6105,7 +6105,7 @@ ADMX Info: **InternetExplorer/InternetZoneLogonOptions** - + @@ -6127,8 +6127,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6137,10 +6137,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6148,14 +6148,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Logon options* - GP name: *IZ_PolicyLogon_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6163,7 +6163,7 @@ ADMX Info: **InternetExplorer/InternetZoneNavigateWindowsAndFrames** - + @@ -6185,8 +6185,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6195,8 +6195,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -6205,7 +6205,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6213,14 +6213,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6228,7 +6228,7 @@ ADMX Info: **InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** - + @@ -6250,8 +6250,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6260,10 +6260,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6271,14 +6271,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6286,7 +6286,7 @@ ADMX Info: **InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** - + @@ -6308,8 +6308,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6318,10 +6318,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6329,14 +6329,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6344,7 +6344,7 @@ ADMX Info: **InternetExplorer/InternetZoneUsePopupBlocker** - + @@ -6366,8 +6366,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6376,10 +6376,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6387,14 +6387,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_1* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6402,7 +6402,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowAccessToDataSources** - + @@ -6424,8 +6424,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6434,8 +6434,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -6444,7 +6444,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6452,14 +6452,14 @@ If you do not configure this policy setting, users are queried to choose whether > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6467,7 +6467,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -6489,8 +6489,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6499,8 +6499,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -6509,7 +6509,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6517,14 +6517,14 @@ If you do not configure this policy setting, users will receive a prompt when a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6532,7 +6532,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -6554,8 +6554,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6564,15 +6564,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6580,14 +6580,14 @@ If you disable or do not configure this setting, users will receive a file downl > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6595,7 +6595,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowFontDownloads** - + @@ -6617,8 +6617,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6627,8 +6627,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -6637,7 +6637,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6645,14 +6645,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6660,7 +6660,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowLessPrivilegedSites** - + @@ -6682,8 +6682,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6692,8 +6692,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -6702,7 +6702,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6710,14 +6710,14 @@ If you do not configure this policy setting, Web sites from less privileged zone > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6725,7 +6725,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents** - + @@ -6747,8 +6747,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6757,8 +6757,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -6767,7 +6767,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6775,14 +6775,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6790,7 +6790,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowScriptlets** - + @@ -6812,8 +6812,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6822,8 +6822,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -6832,7 +6832,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6840,14 +6840,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6855,7 +6855,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowSmartScreenIE** - + @@ -6877,8 +6877,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6887,8 +6887,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -6899,7 +6899,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6907,14 +6907,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6922,7 +6922,7 @@ ADMX Info: **InternetExplorer/IntranetZoneAllowUserDataPersistence** - + @@ -6944,8 +6944,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -6954,8 +6954,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -6964,7 +6964,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -6972,14 +6972,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -6987,7 +6987,7 @@ ADMX Info: **InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -7009,8 +7009,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7019,10 +7019,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7030,14 +7030,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7045,7 +7045,7 @@ ADMX Info: **InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls** - + @@ -7067,8 +7067,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7077,8 +7077,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -7089,7 +7089,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7097,14 +7097,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7112,7 +7112,7 @@ ADMX Info: **InternetExplorer/IntranetZoneJavaPermissions** - + @@ -7134,8 +7134,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7144,10 +7144,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7155,14 +7155,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7170,7 +7170,7 @@ ADMX Info: **InternetExplorer/IntranetZoneNavigateWindowsAndFrames** - + @@ -7192,8 +7192,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7202,8 +7202,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -7212,7 +7212,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7220,14 +7220,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7235,7 +7235,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowAccessToDataSources** - + @@ -7257,8 +7257,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7267,8 +7267,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -7277,7 +7277,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7285,14 +7285,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7300,7 +7300,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls** - + @@ -7322,8 +7322,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7332,8 +7332,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -7342,7 +7342,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7350,14 +7350,14 @@ If you do not configure this policy setting, users will receive a prompt when a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7365,7 +7365,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads** - + @@ -7387,8 +7387,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7397,15 +7397,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7413,14 +7413,14 @@ If you disable or do not configure this setting, users will receive a file downl > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7428,7 +7428,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowFontDownloads** - + @@ -7450,8 +7450,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7460,8 +7460,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -7470,7 +7470,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7478,14 +7478,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7493,7 +7493,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites** - + @@ -7515,8 +7515,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7525,8 +7525,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -7535,7 +7535,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7543,14 +7543,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7558,7 +7558,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents** - + @@ -7580,8 +7580,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7590,8 +7590,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -7600,7 +7600,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7608,14 +7608,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7623,7 +7623,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowScriptlets** - + @@ -7645,8 +7645,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7655,8 +7655,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -7665,7 +7665,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7673,14 +7673,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7688,7 +7688,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowSmartScreenIE** - + @@ -7710,8 +7710,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7720,8 +7720,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -7732,7 +7732,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7740,14 +7740,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7755,7 +7755,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneAllowUserDataPersistence** - + @@ -7777,8 +7777,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7787,8 +7787,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -7797,7 +7797,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7805,14 +7805,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7820,7 +7820,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -7842,8 +7842,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7852,10 +7852,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7863,14 +7863,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7878,7 +7878,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls** - + @@ -7900,8 +7900,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7910,8 +7910,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -7922,7 +7922,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7930,14 +7930,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -7945,7 +7945,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneJavaPermissions** - + @@ -7967,8 +7967,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -7977,10 +7977,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -7988,14 +7988,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8003,7 +8003,7 @@ ADMX Info: **InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames** - + @@ -8025,8 +8025,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8035,8 +8035,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -8045,7 +8045,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8053,14 +8053,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8068,7 +8068,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources** - + @@ -8090,8 +8090,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8100,8 +8100,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8110,7 +8110,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8118,14 +8118,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8133,7 +8133,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -8155,8 +8155,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8165,8 +8165,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -8175,7 +8175,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8183,14 +8183,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8198,7 +8198,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -8220,8 +8220,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8230,15 +8230,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8246,14 +8246,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8261,7 +8261,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowFontDownloads** - + @@ -8283,8 +8283,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8293,8 +8293,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -8303,7 +8303,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8311,14 +8311,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8326,7 +8326,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites** - + @@ -8348,8 +8348,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8358,8 +8358,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -8368,7 +8368,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8376,14 +8376,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8391,7 +8391,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents** - + @@ -8413,8 +8413,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8423,8 +8423,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -8433,7 +8433,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8441,14 +8441,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8456,7 +8456,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowScriptlets** - + @@ -8478,8 +8478,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8488,8 +8488,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -8498,7 +8498,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8506,14 +8506,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8521,7 +8521,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE** - + @@ -8543,8 +8543,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8553,8 +8553,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -8565,7 +8565,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8573,14 +8573,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8588,7 +8588,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence** - + @@ -8610,8 +8610,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8620,8 +8620,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -8630,7 +8630,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8638,14 +8638,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8653,7 +8653,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls** - + @@ -8675,8 +8675,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8685,8 +8685,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -8697,7 +8697,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8705,14 +8705,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8720,7 +8720,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneJavaPermissions** - + @@ -8742,8 +8742,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8752,10 +8752,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8763,14 +8763,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8778,7 +8778,7 @@ ADMX Info: **InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames** - + @@ -8800,8 +8800,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8810,8 +8810,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -8820,7 +8820,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8828,14 +8828,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8843,7 +8843,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources** - + @@ -8865,8 +8865,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8875,8 +8875,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -8885,7 +8885,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8893,14 +8893,14 @@ If you do not configure this policy setting, users are queried to choose whether > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8908,7 +8908,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls** - + @@ -8930,8 +8930,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -8940,8 +8940,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -8950,7 +8950,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -8958,14 +8958,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -8973,7 +8973,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads** - + @@ -8995,8 +8995,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9005,15 +9005,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9021,14 +9021,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9036,7 +9036,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowFontDownloads** - + @@ -9058,8 +9058,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9068,8 +9068,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -9078,7 +9078,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9086,14 +9086,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9101,7 +9101,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites** - + @@ -9123,8 +9123,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9133,8 +9133,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -9143,7 +9143,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9151,14 +9151,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9166,7 +9166,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents** - + @@ -9188,8 +9188,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9198,8 +9198,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -9208,7 +9208,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9216,14 +9216,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9231,7 +9231,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowScriptlets** - + @@ -9253,8 +9253,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9263,8 +9263,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -9273,7 +9273,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9281,14 +9281,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9296,7 +9296,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE** - + @@ -9318,8 +9318,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9328,8 +9328,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -9340,7 +9340,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9348,14 +9348,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9363,7 +9363,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence** - + @@ -9385,8 +9385,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9395,8 +9395,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -9405,7 +9405,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9413,14 +9413,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9428,7 +9428,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls** - + @@ -9450,8 +9450,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9460,8 +9460,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -9472,7 +9472,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9480,14 +9480,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9495,7 +9495,7 @@ ADMX Info: **InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames** - + @@ -9517,8 +9517,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9527,8 +9527,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -9537,7 +9537,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9545,14 +9545,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9560,7 +9560,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources** - + @@ -9582,8 +9582,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9592,8 +9592,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -9602,7 +9602,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9610,14 +9610,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9625,7 +9625,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls** - + @@ -9647,8 +9647,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9657,8 +9657,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -9667,7 +9667,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9675,14 +9675,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9690,7 +9690,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads** - + @@ -9712,8 +9712,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9722,15 +9722,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9738,14 +9738,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9753,7 +9753,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads** - + @@ -9775,8 +9775,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9785,8 +9785,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -9795,7 +9795,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9803,14 +9803,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9818,7 +9818,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites** - + @@ -9840,8 +9840,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9850,8 +9850,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -9860,7 +9860,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9868,14 +9868,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9883,7 +9883,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents** - + @@ -9905,8 +9905,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9915,8 +9915,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -9925,7 +9925,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9933,14 +9933,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -9948,7 +9948,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets** - + @@ -9970,8 +9970,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -9980,8 +9980,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -9990,7 +9990,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -9998,14 +9998,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10013,7 +10013,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE** - + @@ -10035,8 +10035,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10045,8 +10045,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -10057,7 +10057,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10065,14 +10065,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10080,7 +10080,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence** - + @@ -10102,8 +10102,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10112,8 +10112,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10122,7 +10122,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10130,14 +10130,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10145,7 +10145,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls** - + @@ -10167,8 +10167,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10177,8 +10177,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -10189,7 +10189,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10197,14 +10197,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10212,7 +10212,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** - + @@ -10234,8 +10234,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10244,10 +10244,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10255,14 +10255,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10270,7 +10270,7 @@ ADMX Info: **InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames** - + @@ -10292,8 +10292,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10302,8 +10302,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -10312,7 +10312,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10320,14 +10320,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10335,7 +10335,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources** - + @@ -10357,8 +10357,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10367,8 +10367,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -10377,7 +10377,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10385,14 +10385,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10400,7 +10400,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -10422,8 +10422,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10432,8 +10432,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -10442,7 +10442,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10450,14 +10450,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10465,7 +10465,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -10487,8 +10487,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10497,15 +10497,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10513,14 +10513,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10528,7 +10528,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads** - + @@ -10550,8 +10550,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10560,8 +10560,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -10570,7 +10570,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10578,14 +10578,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10593,7 +10593,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites** - + @@ -10615,8 +10615,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10625,8 +10625,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -10635,7 +10635,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10643,14 +10643,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10658,7 +10658,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -10680,8 +10680,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10690,8 +10690,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -10700,7 +10700,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10708,14 +10708,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10723,7 +10723,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets** - + @@ -10745,8 +10745,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10755,8 +10755,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -10765,7 +10765,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10773,14 +10773,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10788,7 +10788,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE** - + @@ -10810,8 +10810,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10820,8 +10820,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -10832,7 +10832,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10840,14 +10840,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10855,7 +10855,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence** - + @@ -10877,8 +10877,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10887,8 +10887,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -10897,7 +10897,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10905,14 +10905,14 @@ If you do not configure this policy setting, users cannot preserve information i > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10920,7 +10920,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls** - + @@ -10942,8 +10942,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -10952,8 +10952,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -10964,7 +10964,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -10972,14 +10972,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -10987,7 +10987,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** - + @@ -11009,8 +11009,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11019,10 +11019,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11030,14 +11030,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11045,7 +11045,7 @@ ADMX Info: **InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames** - + @@ -11067,8 +11067,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11077,8 +11077,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. @@ -11087,7 +11087,7 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11095,14 +11095,14 @@ If you do not configure this policy setting, users cannot open other windows and > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11110,7 +11110,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources** - + @@ -11132,8 +11132,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11142,8 +11142,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -11152,7 +11152,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11160,14 +11160,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11175,7 +11175,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -11197,8 +11197,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11207,8 +11207,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -11217,7 +11217,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11225,14 +11225,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11240,7 +11240,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -11262,8 +11262,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11272,15 +11272,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11288,14 +11288,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11303,7 +11303,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads** - + @@ -11325,8 +11325,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11335,8 +11335,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -11345,7 +11345,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11353,14 +11353,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11368,7 +11368,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites** - + @@ -11390,8 +11390,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11400,8 +11400,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -11410,7 +11410,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11418,14 +11418,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11433,7 +11433,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -11455,8 +11455,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11465,8 +11465,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -11475,7 +11475,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11483,14 +11483,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11498,7 +11498,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets** - + @@ -11520,8 +11520,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11530,8 +11530,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -11540,7 +11540,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11548,14 +11548,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11563,7 +11563,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE** - + @@ -11585,8 +11585,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11595,8 +11595,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -11607,7 +11607,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11615,14 +11615,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11630,7 +11630,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence** - + @@ -11652,8 +11652,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11662,8 +11662,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -11672,7 +11672,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11680,14 +11680,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11695,7 +11695,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls** - + @@ -11717,8 +11717,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11727,8 +11727,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -11739,7 +11739,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11747,14 +11747,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11762,7 +11762,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** - + @@ -11784,8 +11784,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11794,10 +11794,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11805,14 +11805,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11820,7 +11820,7 @@ ADMX Info: **InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames** - + @@ -11842,8 +11842,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11852,8 +11852,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -11862,7 +11862,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11870,14 +11870,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -11885,7 +11885,7 @@ ADMX Info: **InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** - + @@ -11907,8 +11907,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11917,10 +11917,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11928,14 +11928,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_3* - GP path: *Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction* - GP ADMX file name: *inetres.admx* - +
    @@ -11943,7 +11943,7 @@ ADMX Info: **InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** - + @@ -11965,8 +11965,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -11975,10 +11975,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -11986,14 +11986,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_6* - GP path: *Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature* - GP ADMX file name: *inetres.admx* - +
    @@ -12001,7 +12001,7 @@ ADMX Info: **InternetExplorer/NotificationBarInternetExplorerProcesses** - + @@ -12023,8 +12023,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12033,10 +12033,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12044,14 +12044,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Internet Explorer Processes* - GP name: *IESF_PolicyExplorerProcesses_10* - GP path: *Windows Components/Internet Explorer/Security Features/Notification bar* - GP ADMX file name: *inetres.admx* - +
    @@ -12059,7 +12059,7 @@ ADMX Info: **InternetExplorer/PreventManagingSmartScreenFilter** - + @@ -12081,8 +12081,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12091,10 +12091,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12102,14 +12102,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent managing SmartScreen Filter* - GP name: *Disable_Managing_Safety_Filter_IE9* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -12117,7 +12117,7 @@ ADMX Info: **InternetExplorer/PreventPerUserInstallationOfActiveXControls** - + @@ -12139,8 +12139,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12149,10 +12149,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12160,14 +12160,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Prevent per-user installation of ActiveX controls* - GP name: *DisablePerUserActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -12175,7 +12175,7 @@ ADMX Info: **InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** - + @@ -12197,8 +12197,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12207,10 +12207,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12218,14 +12218,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_9* - GP path: *Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation* - GP ADMX file name: *inetres.admx* - +
    @@ -12233,7 +12233,7 @@ ADMX Info: **InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** - + @@ -12255,8 +12255,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12265,10 +12265,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12276,14 +12276,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * - GP name: *VerMgmtDisableRunThisTime* - GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* - GP ADMX file name: *inetres.admx* - +
    @@ -12291,7 +12291,7 @@ ADMX Info: **InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** - + @@ -12313,8 +12313,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12323,10 +12323,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12334,14 +12334,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_11* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install* - GP ADMX file name: *inetres.admx* - +
    @@ -12349,7 +12349,7 @@ ADMX Info: **InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** - + @@ -12371,8 +12371,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12381,10 +12381,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12392,14 +12392,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_12* - GP path: *Windows Components/Internet Explorer/Security Features/Restrict File Download* - GP ADMX file name: *inetres.admx* - +
    @@ -12407,7 +12407,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources** - + @@ -12429,8 +12429,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12439,8 +12439,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -12449,7 +12449,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12457,14 +12457,14 @@ If you do not configure this policy setting, users cannot load a page in the zon > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12472,7 +12472,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowActiveScripting** - + @@ -12494,8 +12494,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12504,10 +12504,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12515,14 +12515,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow active scripting* - GP name: *IZ_PolicyActiveScripting_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12530,7 +12530,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -12552,8 +12552,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12562,8 +12562,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -12572,7 +12572,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12580,14 +12580,14 @@ If you do not configure this policy setting, ActiveX control installations will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12595,7 +12595,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -12617,8 +12617,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12627,15 +12627,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12643,14 +12643,14 @@ If you disable or do not configure this setting, file downloads that are not use > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12658,7 +12658,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** - + @@ -12680,8 +12680,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12690,10 +12690,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12701,14 +12701,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow binary and script behaviors* - GP name: *IZ_PolicyBinaryBehaviors_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12716,7 +12716,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** - + @@ -12738,8 +12738,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12748,10 +12748,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12759,14 +12759,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow cut, copy or paste operations from the clipboard via script* - GP name: *IZ_PolicyAllowPasteViaScript_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12774,7 +12774,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** - + @@ -12796,8 +12796,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12806,10 +12806,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12817,14 +12817,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow drag and drop or copy and paste files* - GP name: *IZ_PolicyDropOrPasteFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12832,7 +12832,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowFileDownloads** - + @@ -12854,8 +12854,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12864,10 +12864,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12875,14 +12875,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow file downloads* - GP name: *IZ_PolicyFileDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12890,7 +12890,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowFontDownloads** - + @@ -12912,8 +12912,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12922,8 +12922,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -12932,7 +12932,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -12940,14 +12940,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -12955,7 +12955,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** - + @@ -12977,8 +12977,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -12987,8 +12987,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -12997,7 +12997,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13005,14 +13005,14 @@ If you do not configure this policy setting, the possibly harmful navigations ar > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13020,7 +13020,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** - + @@ -13042,8 +13042,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13052,10 +13052,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13063,14 +13063,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow loading of XAML files* - GP name: *IZ_Policy_XAML_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13078,7 +13078,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** - + @@ -13100,8 +13100,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13110,10 +13110,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13121,14 +13121,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow META REFRESH* - GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13136,7 +13136,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -13158,8 +13158,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13168,8 +13168,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -13178,7 +13178,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13186,14 +13186,14 @@ If you do not configure this policy setting, Internet Explorer will not execute > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13201,7 +13201,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** - + @@ -13223,8 +13223,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13233,10 +13233,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13244,14 +13244,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use ActiveX controls without prompt* - GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13259,7 +13259,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** - + @@ -13281,8 +13281,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13291,10 +13291,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13302,14 +13302,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow only approved domains to use the TDC ActiveX control* - GP name: *IZ_PolicyAllowTDCControl_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13317,7 +13317,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** - + @@ -13339,8 +13339,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13349,10 +13349,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13360,14 +13360,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow script-initiated windows without size or position constraints* - GP name: *IZ_PolicyWindowsRestrictionsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13375,7 +13375,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** - + @@ -13397,8 +13397,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13407,10 +13407,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13418,14 +13418,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scripting of Internet Explorer WebBrowser controls* - GP name: *IZ_Policy_WebBrowserControl_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13433,7 +13433,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowScriptlets** - + @@ -13455,8 +13455,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13465,8 +13465,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -13475,7 +13475,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13483,14 +13483,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13498,7 +13498,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE** - + @@ -13520,8 +13520,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13530,8 +13530,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -13542,7 +13542,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13550,14 +13550,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13565,7 +13565,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** - + @@ -13587,8 +13587,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13597,10 +13597,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13608,14 +13608,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow updates to status bar via script* - GP name: *IZ_Policy_ScriptStatusBar_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13623,7 +13623,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence** - + @@ -13645,8 +13645,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13655,8 +13655,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -13665,7 +13665,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13673,14 +13673,14 @@ If you do not configure this policy setting, users cannot preserve information i > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13688,7 +13688,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -13710,8 +13710,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13720,10 +13720,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13731,14 +13731,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13746,7 +13746,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** - + @@ -13768,8 +13768,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13778,10 +13778,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13789,14 +13789,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download signed ActiveX controls* - GP name: *IZ_PolicyDownloadSignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13804,7 +13804,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** - + @@ -13826,8 +13826,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13836,10 +13836,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13847,14 +13847,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Download unsigned ActiveX controls* - GP name: *IZ_PolicyDownloadUnsignedActiveX_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13862,7 +13862,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** - + @@ -13884,8 +13884,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13894,10 +13894,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13905,14 +13905,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Cross-Site Scripting Filter* - GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13920,7 +13920,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** - + @@ -13942,8 +13942,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -13952,10 +13952,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -13963,14 +13963,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains across windows* - GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -13978,7 +13978,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** - + @@ -14000,8 +14000,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14010,10 +14010,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14021,14 +14021,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable dragging of content from different domains within a window* - GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14036,7 +14036,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** - + @@ -14058,8 +14058,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14068,10 +14068,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14079,14 +14079,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable MIME Sniffing* - GP name: *IZ_PolicyMimeSniffingURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14094,7 +14094,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** - + @@ -14116,8 +14116,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14126,10 +14126,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14137,14 +14137,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Include local path when user is uploading files to a server* - GP name: *IZ_Policy_LocalPathForUpload_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14152,7 +14152,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls** - + @@ -14174,8 +14174,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14184,8 +14184,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -14196,7 +14196,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14204,14 +14204,14 @@ If you do not configure this policy setting, ActiveX controls that cannot be mad > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14219,7 +14219,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneJavaPermissions** - + @@ -14241,8 +14241,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14251,10 +14251,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14262,14 +14262,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14277,7 +14277,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** - + @@ -14299,8 +14299,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14309,10 +14309,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14320,14 +14320,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Launching applications and files in an IFRAME* - GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14335,7 +14335,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneLogonOptions** - + @@ -14357,8 +14357,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14367,10 +14367,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14378,14 +14378,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Logon options* - GP name: *IZ_PolicyLogon_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14393,7 +14393,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames** - + @@ -14415,8 +14415,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14425,8 +14425,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. @@ -14435,7 +14435,7 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14443,14 +14443,14 @@ If you do not configure this policy setting, users cannot open other windows and > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14458,7 +14458,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** - + @@ -14480,8 +14480,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14490,10 +14490,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14501,14 +14501,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run ActiveX controls and plugins* - GP name: *IZ_PolicyRunActiveXControls_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14516,7 +14516,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** - + @@ -14538,8 +14538,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14548,10 +14548,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14559,14 +14559,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components signed with Authenticode* - GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14574,7 +14574,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** - + @@ -14596,8 +14596,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14606,10 +14606,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14617,14 +14617,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Script ActiveX controls marked safe for scripting* - GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14632,7 +14632,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** - + @@ -14654,8 +14654,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14664,10 +14664,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14675,14 +14675,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Scripting of Java applets* - GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14690,7 +14690,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** - + @@ -14712,8 +14712,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14722,10 +14722,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14733,14 +14733,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Show security warning for potentially unsafe files* - GP name: *IZ_Policy_UnsafeFiles_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14748,7 +14748,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** - + @@ -14770,8 +14770,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14780,10 +14780,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14791,14 +14791,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on Protected Mode* - GP name: *IZ_Policy_TurnOnProtectedMode_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14806,7 +14806,7 @@ ADMX Info: **InternetExplorer/RestrictedSitesZoneUsePopupBlocker** - + @@ -14828,8 +14828,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14838,10 +14838,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14849,14 +14849,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use Pop-up Blocker* - GP name: *IZ_PolicyBlockPopupWindows_7* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -14864,7 +14864,7 @@ ADMX Info: **InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** - + @@ -14886,8 +14886,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14896,10 +14896,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14907,14 +14907,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *All Processes* - GP name: *IESF_PolicyAllProcesses_8* - GP path: *Windows Components/Internet Explorer/Security Features/Scripted Window Security Restrictions* - GP ADMX file name: *inetres.admx* - +
    @@ -14922,7 +14922,7 @@ ADMX Info: **InternetExplorer/SearchProviderList** - + @@ -14944,8 +14944,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -14954,15 +14954,15 @@ ADMX Info:
    - - + + This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website. If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting, the user can configure his or her list of search providers. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -14970,14 +14970,14 @@ If you disable or do not configure this policy setting, the user can configure h > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Restrict search providers to a specific list* - GP name: *SpecificSearchProvider* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -14985,7 +14985,7 @@ ADMX Info: **InternetExplorer/SecurityZonesUseOnlyMachineSettings** - + @@ -15007,8 +15007,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15016,10 +15016,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15027,14 +15027,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Security Zones: Use only machine settings * - GP name: *Security_HKLM_only* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -15042,7 +15042,7 @@ ADMX Info: **InternetExplorer/SpecifyUseOfActiveXInstallerService** - + @@ -15064,8 +15064,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15074,10 +15074,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15085,14 +15085,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* - GP name: *OnlyUseAXISForActiveXInstall* - GP path: *Windows Components/Internet Explorer* - GP ADMX file name: *inetres.admx* - +
    @@ -15100,7 +15100,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowAccessToDataSources** - + @@ -15122,8 +15122,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15132,8 +15132,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. @@ -15142,7 +15142,7 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15150,14 +15150,14 @@ If you do not configure this policy setting, users can load a page in the zone t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Access data sources across domains* - GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15165,7 +15165,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls** - + @@ -15187,8 +15187,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15197,8 +15197,8 @@ ADMX Info:
    - - + + This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. @@ -15207,7 +15207,7 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15215,14 +15215,14 @@ If you do not configure this policy setting, users will receive a prompt when a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for ActiveX controls* - GP name: *IZ_PolicyNotificationBarActiveXURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15230,7 +15230,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads** - + @@ -15252,8 +15252,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15262,15 +15262,15 @@ ADMX Info:
    - - + + This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15278,14 +15278,14 @@ If you disable or do not configure this setting, users will receive a file downl > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Automatic prompting for file downloads* - GP name: *IZ_PolicyNotificationBarDownloadURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15293,7 +15293,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowFontDownloads** - + @@ -15315,8 +15315,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15325,8 +15325,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. @@ -15335,7 +15335,7 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15343,14 +15343,14 @@ If you do not configure this policy setting, HTML fonts can be downloaded automa > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow font downloads* - GP name: *IZ_PolicyFontDownload_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15358,7 +15358,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites** - + @@ -15380,8 +15380,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15390,8 +15390,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. @@ -15400,7 +15400,7 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15408,14 +15408,14 @@ If you do not configure this policy setting, a warning is issued to the user tha > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Web sites in less privileged Web content zones can navigate into this zone* - GP name: *IZ_PolicyZoneElevationURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15423,7 +15423,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents** - + @@ -15445,8 +15445,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15455,8 +15455,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. @@ -15465,7 +15465,7 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15473,14 +15473,14 @@ If you do not configure this policy setting, Internet Explorer will execute unsi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Run .NET Framework-reliant components not signed with Authenticode* - GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15488,7 +15488,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowScriptlets** - + @@ -15510,8 +15510,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15520,8 +15520,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run scriptlets. @@ -15530,7 +15530,7 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15538,14 +15538,14 @@ If you do not configure this policy setting, the user can enable or disable scri > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow scriptlets* - GP name: *IZ_Policy_AllowScriptlets_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15553,7 +15553,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowSmartScreenIE** - + @@ -15575,8 +15575,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15585,8 +15585,8 @@ ADMX Info:
    - - + + This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content. @@ -15597,7 +15597,7 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15605,14 +15605,14 @@ Note: In Internet Explorer 7, this policy setting controls whether Phishing Filt > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on SmartScreen Filter scan* - GP name: *IZ_Policy_Phishing_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15620,7 +15620,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneAllowUserDataPersistence** - + @@ -15642,8 +15642,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15652,8 +15652,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. @@ -15662,7 +15662,7 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15670,14 +15670,14 @@ If you do not configure this policy setting, users can preserve information in t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15685,7 +15685,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** - + @@ -15707,8 +15707,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15717,10 +15717,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15728,14 +15728,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Don't run antimalware programs against ActiveX controls* - GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15743,7 +15743,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls** - + @@ -15765,8 +15765,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15775,8 +15775,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. @@ -15787,7 +15787,7 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15795,14 +15795,14 @@ If you do not configure this policy setting, users are queried whether to allow > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15810,7 +15810,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneJavaPermissions** - + @@ -15832,8 +15832,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15842,10 +15842,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15853,14 +15853,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Java permissions* - GP name: *IZ_PolicyJavaPermissions_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    @@ -15868,7 +15868,7 @@ ADMX Info: **InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames** - + @@ -15890,8 +15890,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -15900,8 +15900,8 @@ ADMX Info:
    - - + + This policy setting allows you to manage the opening of windows and frames and access of applications across different domains. If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains. @@ -15910,7 +15910,7 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -15918,14 +15918,14 @@ If you do not configure this policy setting, users can open windows and frames f > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Navigate windows and frames across different domains* - GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5* - GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone* - GP ADMX file name: *inetres.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 322d3801c4..66c8d28294 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -42,7 +42,7 @@ ms.date: 01/29/2018 **Kerberos/AllowForestSearchOrder** - + @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -73,15 +73,15 @@ ms.date: 01/29/2018
    - - + + This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain. If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -89,14 +89,14 @@ If you disable or do not configure this policy setting, the Kerberos client does > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Use forest search order* - GP name: *ForestSearch* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -104,7 +104,7 @@ ADMX Info: **Kerberos/KerberosClientSupportsClaimsCompoundArmor** - + @@ -126,8 +126,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -135,14 +135,14 @@ ADMX Info:
    - - + + This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring. If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -150,14 +150,14 @@ If you disable or do not configure this policy setting, the client devices will > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Kerberos client support for claims, compound authentication and Kerberos armoring* - GP name: *EnableCbacAndArmor* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -165,7 +165,7 @@ ADMX Info: **Kerberos/RequireKerberosArmoring** - + @@ -187,8 +187,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -196,8 +196,8 @@ ADMX Info:
    - - + + This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller. Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled. @@ -208,7 +208,7 @@ Note: The Kerberos Group Policy "Kerberos client support for claims, compound au If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -216,14 +216,14 @@ If you disable or do not configure this policy setting, the client computers in > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Fail authentication requests when Kerberos armoring is not available* - GP name: *ClientRequireFast* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -231,7 +231,7 @@ ADMX Info: **Kerberos/RequireStrictKDCValidation** - + @@ -253,8 +253,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -262,15 +262,15 @@ ADMX Info:
    - - + + This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate. If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -278,14 +278,14 @@ If you disable or do not configure this policy setting, the Kerberos client requ > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require strict KDC validation* - GP name: *ValidateKDC* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    @@ -293,7 +293,7 @@ ADMX Info: **Kerberos/SetMaximumContextTokenSize** - + @@ -315,8 +315,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -324,8 +324,8 @@ ADMX Info:
    - - + + This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size. The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. @@ -336,7 +336,7 @@ If you disable or do not configure this policy setting, the Kerberos client or s Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -344,14 +344,14 @@ Note: This policy setting configures the existing MaxTokenSize registry value in > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set maximum Kerberos SSPI context token buffer size* - GP name: *MaxTokenSize* - GP path: *System/Kerberos* - GP ADMX file name: *Kerberos.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 3384e28b77..eba4551112 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -47,7 +47,7 @@ ms.date: 01/29/2018 **KioskBrowser/BlockedUrlExceptions** - + @@ -69,8 +69,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -79,11 +79,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. - +
    @@ -91,7 +91,7 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit **KioskBrowser/BlockedUrls** - + @@ -113,8 +113,8 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -123,11 +123,11 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit
    - - + + Added in Windows 10, next major update. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. - +
    @@ -135,7 +135,7 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc **KioskBrowser/DefaultURL** - + @@ -157,8 +157,8 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -167,11 +167,11 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc
    - - + + Added in Windows 10, next major update. Configures the default URL kiosk browsers to navigate on launch and restart. - +
    @@ -179,7 +179,7 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser **KioskBrowser/EnableHomeButton** - + @@ -201,8 +201,8 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -211,11 +211,11 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser
    - - + + Added in Windows 10, next major update. Enable/disable kiosk browser's home button. - +
    @@ -223,7 +223,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt **KioskBrowser/EnableNavigationButtons** - + @@ -245,8 +245,8 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -255,11 +255,11 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt
    - - + + Added in Windows 10, next major update. Enable/disable kiosk browser's navigation buttons (forward/back). - +
    @@ -267,7 +267,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio **KioskBrowser/RestartOnIdleTime** - + @@ -289,8 +289,8 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -299,13 +299,13 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio
    - - + + Added in Windows 10, next major update. Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. - +
    diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 6d5197aac8..8cd5d7c7a9 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Licensing/AllowWindowsEntitlementReactivation** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,11 +64,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices. - + The following list shows the supported values: @@ -83,7 +83,7 @@ The following list shows the supported values: **Licensing/DisallowKMSClientOnlineAVSValidation** - + @@ -105,8 +105,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -114,11 +114,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 5bd76c04ea..79fc96e412 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -194,7 +194,7 @@ ms.date: 01/29/2018 **LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts** - + @@ -216,8 +216,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -225,8 +225,8 @@ ms.date: 01/29/2018
    - - + + This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users cannot add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise. @@ -237,7 +237,7 @@ If you disable or do not configure this policy (recommended), users will be able Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -252,7 +252,7 @@ The following list shows the supported values: **LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus** - + @@ -274,8 +274,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -283,8 +283,8 @@ The following list shows the supported values:
    - - + + This security setting determines whether the local Administrator account is enabled or disabled. If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password. @@ -299,7 +299,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -307,7 +307,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus** - + @@ -329,8 +329,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -338,8 +338,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + This security setting determines if the Guest account is enabled or disabled. Default: Disabled. @@ -351,7 +351,7 @@ Note: If the Guest account is disabled and the security option Network Access: S Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -359,7 +359,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** - + @@ -381,8 +381,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -390,8 +390,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Accounts: Limit local account use of blank passwords to console logon only This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. @@ -411,7 +411,7 @@ It is possible for applications that use remote interactive logons to bypass thi Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -419,7 +419,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount** - + @@ -441,8 +441,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -450,8 +450,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Accounts: Rename administrator account This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password combination. @@ -460,7 +460,7 @@ Default: Administrator. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -468,7 +468,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount** - + @@ -490,8 +490,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -499,8 +499,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Accounts: Rename guest account This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. @@ -509,7 +509,7 @@ Default: Guest. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -517,7 +517,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon** - + @@ -539,8 +539,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -548,8 +548,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Devices: Allow undock without having to log on. This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer. @@ -559,7 +559,7 @@ Caution: Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable. - +
    @@ -567,7 +567,7 @@ Disabling this policy may tempt users to try and physically remove the laptop fr **LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia** - + @@ -589,8 +589,8 @@ Disabling this policy may tempt users to try and physically remove the laptop fr
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -598,8 +598,8 @@ Disabling this policy may tempt users to try and physically remove the laptop fr
    - - + + Devices: Allowed to format and eject removable media This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: @@ -609,7 +609,7 @@ This security setting determines who is allowed to format and eject removable NT Default: This policy is not defined and only Administrators have this ability. - +
    @@ -617,7 +617,7 @@ Default: This policy is not defined and only Administrators have this ability. **LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters** - + @@ -639,8 +639,8 @@ Default: This policy is not defined and only Administrators have this ability.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -648,8 +648,8 @@ Default: This policy is not defined and only Administrators have this ability.
    - - + + Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. @@ -661,7 +661,7 @@ Note This setting does not affect the ability to add a local printer. This setting does not affect Administrators. - +
    @@ -669,7 +669,7 @@ This setting does not affect the ability to add a local printer. This setting do **LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly** - + @@ -691,8 +691,8 @@ This setting does not affect the ability to add a local printer. This setting do
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -700,8 +700,8 @@ This setting does not affect the ability to add a local printer. This setting do
    - - + + Devices: Restrict CD-ROM access to locally logged-on user only This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. @@ -710,7 +710,7 @@ If this policy is enabled, it allows only the interactively logged-on user to ac Default: This policy is not defined and CD-ROM access is not restricted to the locally logged-on user. - +
    @@ -718,7 +718,7 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways** - + @@ -740,8 +740,8 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -749,8 +749,8 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l
    - - + + Domain member: Digitally encrypt or sign secure channel data (always) This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. @@ -770,7 +770,7 @@ If this policy is enabled, the policy Domain member: Digitally sign secure chann If this policy is enabled, the policy Domain member: Digitally sign secure channel data (when possible) is assumed to be enabled regardless of its current setting. This ensures that the domain member attempts to negotiate at least signing of the secure channel traffic. Logon information transmitted over the secure channel is always encrypted regardless of whether encryption of ALL other secure channel traffic is negotiated or not. - +
    @@ -778,7 +778,7 @@ Logon information transmitted over the secure channel is always encrypted regard **LocalPoliciesSecurityOptions/DomainMember_DigitallyEncryptSecureChannelDataWhenPossible** - + @@ -800,8 +800,8 @@ Logon information transmitted over the secure channel is always encrypted regard
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -809,8 +809,8 @@ Logon information transmitted over the secure channel is always encrypted regard
    - - + + Domain member: Digitally encrypt secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. @@ -827,7 +827,7 @@ There is no known reason for disabling this setting. Besides unnecessarily reduc Note: Domain controllers are also domain members and establish secure channels with other domain controllers in the same domain as well as domain controllers in trusted domains. - +
    @@ -835,7 +835,7 @@ Note: Domain controllers are also domain members and establish secure channels w **LocalPoliciesSecurityOptions/DomainMember_DigitallySignSecureChannelDataWhenPossible** - + @@ -857,8 +857,8 @@ Note: Domain controllers are also domain members and establish secure channels w
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -866,8 +866,8 @@ Note: Domain controllers are also domain members and establish secure channels w
    - - + + Domain member: Digitally sign secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. @@ -878,7 +878,7 @@ This setting determines whether or not the domain member attempts to negotiate s Default: Enabled. - +
    @@ -886,7 +886,7 @@ Default: Enabled. **LocalPoliciesSecurityOptions/DomainMember_DisableMachineAccountPasswordChanges** - + @@ -908,8 +908,8 @@ Default: Enabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -917,8 +917,8 @@ Default: Enabled.
    - - + + Domain member: Disable machine account password changes Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days. @@ -930,7 +930,7 @@ Notes This security setting should not be enabled. Computer account passwords are used to establish secure channel communications between members and domain controllers and, within the domain, between the domain controllers themselves. Once it is established, the secure channel is used to transmit sensitive information that is necessary for making authentication and authorization decisions. This setting should not be used in an attempt to support dual-boot scenarios that use the same computer account. If you want to dual-boot two installations that are joined to the same domain, give the two installations different computer names. - +
    @@ -938,7 +938,7 @@ This setting should not be used in an attempt to support dual-boot scenarios tha **LocalPoliciesSecurityOptions/DomainMember_MaximumMachineAccountPasswordAge** - + @@ -960,8 +960,8 @@ This setting should not be used in an attempt to support dual-boot scenarios tha
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -969,8 +969,8 @@ This setting should not be used in an attempt to support dual-boot scenarios tha
    - - + + Domain member: Maximum machine account password age This security setting determines how often a domain member will attempt to change its computer account password. @@ -981,7 +981,7 @@ Important This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers. - +
    @@ -989,7 +989,7 @@ This setting applies to Windows 2000 computers, but it is not available through **LocalPoliciesSecurityOptions/DomainMember_RequireStrongSessionKey** - + @@ -1011,8 +1011,8 @@ This setting applies to Windows 2000 computers, but it is not available through
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1020,8 +1020,8 @@ This setting applies to Windows 2000 computers, but it is not available through
    - - + + Domain member: Require strong (Windows 2000 or later) session key This security setting determines whether 128-bit key strength is required for encrypted secure channel data. @@ -1043,7 +1043,7 @@ Important In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member's domain must be running Windows 2000 or later. In order to take advantage of this policy on domain controllers, all domain controllers in the same domain as well as all trusted domains must run Windows 2000 or later. - +
    @@ -1051,7 +1051,7 @@ In order to take advantage of this policy on domain controllers, all domain cont **LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked** - + @@ -1073,8 +1073,8 @@ In order to take advantage of this policy on domain controllers, all domain cont
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1082,8 +1082,8 @@ In order to take advantage of this policy on domain controllers, all domain cont
    - - + + Interactive Logon:Display user information when the session is locked Valid values: @@ -1093,7 +1093,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1101,7 +1101,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn** - + @@ -1123,8 +1123,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1132,8 +1132,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Don't display last signed-in This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. @@ -1148,7 +1148,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1156,7 +1156,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn** - + @@ -1178,8 +1178,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1187,8 +1187,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Don't display username at sign-in This security setting determines whether the username of the person signing in to this PC appears at Windows sign-in, after credentials are entered, and before the PC desktop is shown. @@ -1204,7 +1204,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1212,7 +1212,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL** - + @@ -1234,8 +1234,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1243,8 +1243,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Do not require CTRL+ALT+DEL This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. @@ -1261,7 +1261,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1269,7 +1269,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit** - + @@ -1291,8 +1291,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1300,8 +1300,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Machine inactivity limit. Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. @@ -1313,7 +1313,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1321,7 +1321,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn** - + @@ -1343,8 +1343,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1352,8 +1352,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Message text for users attempting to log on This security setting specifies a text message that is displayed to users when they log on. @@ -1364,7 +1364,7 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1372,7 +1372,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn** - + @@ -1394,8 +1394,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1403,8 +1403,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Message title for users attempting to log on This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. @@ -1413,7 +1413,7 @@ Default: No message. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -1421,7 +1421,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior** - + @@ -1443,8 +1443,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1452,8 +1452,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Interactive logon: Smart card removal behavior This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. @@ -1477,7 +1477,7 @@ Default: This policy is not defined, which means that the system treats it as No On Windows Vista and above: For this setting to work, the Smart Card Removal Policy service must be started. - +
    @@ -1485,7 +1485,7 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** - + @@ -1507,8 +1507,8 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1516,8 +1516,8 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol
    - - + + Microsoft network client: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB client component. @@ -1542,7 +1542,7 @@ Microsoft network server: Digitally sign communications (if client agrees) - Con SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1550,7 +1550,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** - + @@ -1572,8 +1572,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1581,8 +1581,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Microsoft network client: Digitally sign communications (if server agrees) This security setting determines whether the SMB client attempts to negotiate SMB packet signing. @@ -1604,7 +1604,7 @@ If both client-side and server-side SMB signing is enabled and the client establ SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1612,7 +1612,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** - + @@ -1634,8 +1634,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1643,8 +1643,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Microsoft network client: Send unencrypted password to connect to third-party SMB servers If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. @@ -1653,7 +1653,7 @@ Sending unencrypted passwords is a security risk. Default: Disabled. - +
    @@ -1661,7 +1661,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** - + @@ -1683,8 +1683,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1692,8 +1692,8 @@ Default: Disabled.
    - - + + Microsoft network server: Amount of idle time required before suspending a session This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. @@ -1704,7 +1704,7 @@ For this policy setting, a value of 0 means to disconnect an idle session as qui Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. - +
    @@ -1712,7 +1712,7 @@ Default:This policy is not defined, which means that the system treats it as 15 **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** - + @@ -1734,8 +1734,8 @@ Default:This policy is not defined, which means that the system treats it as 15
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1743,8 +1743,8 @@ Default:This policy is not defined, which means that the system treats it as 15
    - - + + Microsoft network server: Digitally sign communications (always) This security setting determines whether packet signing is required by the SMB server component. @@ -1778,7 +1778,7 @@ For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the f HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1786,7 +1786,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees** - + @@ -1808,8 +1808,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1817,8 +1817,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Microsoft network server: Digitally sign communications (if client agrees) This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. @@ -1844,7 +1844,7 @@ If both client-side and server-side SMB signing is enabled and the client establ SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - +
    @@ -1852,7 +1852,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** - + @@ -1874,8 +1874,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1883,8 +1883,8 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
    - - + + Network access: Do not allow anonymous enumeration of SAM accounts This security setting determines what additional permissions will be granted for anonymous connections to the computer. @@ -1903,7 +1903,7 @@ Important This policy has no impact on domain controllers. - +
    @@ -1911,7 +1911,7 @@ This policy has no impact on domain controllers. **LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** - + @@ -1933,8 +1933,8 @@ This policy has no impact on domain controllers.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1942,8 +1942,8 @@ This policy has no impact on domain controllers.
    - - + + Network access: Do not allow anonymous enumeration of SAM accounts and shares This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. @@ -1952,7 +1952,7 @@ Windows allows anonymous users to perform certain activities, such as enumeratin Default: Disabled. - +
    @@ -1960,7 +1960,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers** - + @@ -1982,8 +1982,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1991,8 +1991,8 @@ Default: Disabled.
    - - + + Network access: Let Everyone permissions apply to anonymous users This security setting determines what additional permissions are granted for anonymous connections to the computer. @@ -2003,7 +2003,7 @@ If this policy is enabled, the Everyone SID is added to the token that is create Default: Disabled. - +
    @@ -2011,7 +2011,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** - + @@ -2033,8 +2033,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2042,8 +2042,8 @@ Default: Disabled.
    - - + + Network access: Restrict anonymous access to Named Pipes and Shares When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: @@ -2052,7 +2052,7 @@ Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled. - +
    @@ -2060,7 +2060,7 @@ Default: Enabled. **LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** - + @@ -2082,8 +2082,8 @@ Default: Enabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2091,8 +2091,8 @@ Default: Enabled.
    - - + + Network access: Restrict clients allowed to make remote calls to SAM This policy setting allows you to restrict remote rpc connections to SAM. @@ -2101,7 +2101,7 @@ If not selected, the default security descriptor will be used. This policy is supported on at least Windows Server 2016. - +
    @@ -2109,7 +2109,7 @@ This policy is supported on at least Windows Server 2016. **LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** - + @@ -2131,8 +2131,8 @@ This policy is supported on at least Windows Server 2016.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2140,8 +2140,8 @@ This policy is supported on at least Windows Server 2016.
    - - + + Network security: Allow Local System to use computer identity for NTLM This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. @@ -2158,7 +2158,7 @@ This policy is supported on at least Windows Vista or Windows Server 2008. Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. - +
    @@ -2166,7 +2166,7 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** - + @@ -2188,8 +2188,8 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2197,8 +2197,8 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P
    - - + + Network security: Allow PKU2U authentication requests to this computer to use online identities. This policy will be turned off by default on domain joined machines. This would prevent online identities from authenticating to the domain joined machine. @@ -2209,7 +2209,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2217,7 +2217,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** - + @@ -2239,8 +2239,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2248,8 +2248,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Network security: Do not store LAN Manager hash value on next password change This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked. @@ -2263,7 +2263,7 @@ Important Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0. This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - +
    @@ -2271,7 +2271,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi **LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel** - + @@ -2293,8 +2293,8 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2302,8 +2302,8 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi
    - - + + Network security LAN Manager authentication level This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: @@ -2332,7 +2332,7 @@ Windows Server 2003: Send NTLM response only Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only - +
    @@ -2340,7 +2340,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** - + @@ -2362,8 +2362,8 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2371,8 +2371,8 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
    - - + + Network security: Minimum session security for NTLM SSP based (including secure RPC) clients This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: @@ -2386,7 +2386,7 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
    @@ -2394,7 +2394,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** - + @@ -2416,8 +2416,8 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2425,8 +2425,8 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
    - - + + Network security: Minimum session security for NTLM SSP based (including secure RPC) servers This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: @@ -2440,7 +2440,7 @@ Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - +
    @@ -2448,7 +2448,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption **LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** - + @@ -2470,8 +2470,8 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
    Home
    - - + + Recovery console: Allow automatic administrative logon This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. @@ -2483,7 +2483,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2491,7 +2491,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** - + @@ -2513,8 +2513,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2522,8 +2522,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Shutdown: Allow system to be shut down without having to log on This security setting determines whether a computer can be shut down without having to log on to Windows. @@ -2540,7 +2540,7 @@ Valid values: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2548,7 +2548,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile** - + @@ -2570,8 +2570,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2579,8 +2579,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + Shutdown: Clear virtual memory pagefile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. @@ -2591,7 +2591,7 @@ When this policy is enabled, it causes the system pagefile to be cleared upon cl Default: Disabled. - +
    @@ -2599,7 +2599,7 @@ Default: Disabled. **LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems** - + @@ -2621,8 +2621,8 @@ Default: Disabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2630,8 +2630,8 @@ Default: Disabled.
    - - + + System objects: Require case insensitivity for non-Windows subsystems This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX. @@ -2640,7 +2640,7 @@ If this setting is enabled, case insensitivity is enforced for all directory obj Default: Enabled. - +
    @@ -2648,7 +2648,7 @@ Default: Enabled. **LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation** - + @@ -2670,8 +2670,8 @@ Default: Enabled.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2679,8 +2679,8 @@ Default: Enabled.
    - - + + User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. @@ -2696,7 +2696,7 @@ The secure desktop can be disabled only by the user of the interactive desktop o Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2704,7 +2704,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** - + @@ -2726,8 +2726,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2735,8 +2735,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode This policy setting controls the behavior of the elevation prompt for administrators. @@ -2757,7 +2757,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2765,7 +2765,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** - + @@ -2787,8 +2787,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2796,14 +2796,14 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Behavior of the elevation prompt for standard users This policy setting controls the behavior of the elevation prompt for standard users. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -2819,7 +2819,7 @@ The following list shows the supported values: **LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** - + @@ -2841,8 +2841,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2850,8 +2850,8 @@ The following list shows the supported values:
    - - + + User Account Control: Detect application installations and prompt for elevation This policy setting controls the behavior of application installation detection for the computer. @@ -2862,7 +2862,7 @@ Enabled: (Default) When an application installation package is detected that req Disabled: Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary. - +
    @@ -2870,7 +2870,7 @@ Disabled: Application installation packages are not detected and prompted for el **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated** - + @@ -2892,8 +2892,8 @@ Disabled: Application installation packages are not detected and prompted for el
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2901,8 +2901,8 @@ Disabled: Application installation packages are not detected and prompted for el
    - - + + User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. @@ -2913,7 +2913,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2921,7 +2921,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** - + @@ -2943,8 +2943,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2952,8 +2952,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Only elevate UIAccess applications that are installed in secure locations This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: @@ -2970,7 +2970,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -2978,7 +2978,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode** - + @@ -3000,8 +3000,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3009,8 +3009,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. @@ -3022,7 +3022,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -3030,7 +3030,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation** - + @@ -3052,8 +3052,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3061,8 +3061,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Switch to the secure desktop when prompting for elevation This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. @@ -3073,7 +3073,7 @@ The options are: Value type is integer. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -3081,7 +3081,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. **LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode** - + @@ -3103,8 +3103,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3112,8 +3112,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
    - - + + User Account Control: Use Admin Approval Mode for the built-in Administrator account This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. @@ -3124,7 +3124,7 @@ The options are: • Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. - +
    @@ -3132,7 +3132,7 @@ The options are: **LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** - + @@ -3154,8 +3154,8 @@ The options are:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3163,15 +3163,15 @@ The options are:
    - - + + User Account Control: Virtualize file and registry write failures to per-user locations This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 3863b5f6b1..533c3d2f12 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Location/EnableLocation** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page. > [!IMPORTANT] @@ -78,7 +78,7 @@ To validate on Desktop, do the following: 1. Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected. 2. Use Windows Maps Application (or similar) to see if a location can or cannot be obtained. - +
    diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index e5f5ea3c9f..d42f28adb1 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **LockDown/AllowEdgeSwipe** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,13 +61,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch. The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 31f6725776..178bc58f12 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Maps/AllowOfflineMapsDownloadOverMeteredConnection** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,13 +64,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Allows the download and update of map data over metered connections. After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. - + The following list shows the supported values: @@ -86,7 +86,7 @@ The following list shows the supported values: **Maps/EnableOfflineMapsAutoUpdate** - + @@ -108,8 +108,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,13 +117,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Disables the automatic download and update of map data. After the policy is applied, you can verify the settings in the user interface in **System** > **Offline Maps**. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 9d52633f18..a7f3f8050a 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Messaging/AllowMMS** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -79,7 +79,7 @@ The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. - +
    @@ -87,7 +87,7 @@ The following list shows the supported values: **Messaging/AllowMessageSync** - + @@ -109,8 +109,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -118,8 +118,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control. The following list shows the supported values: @@ -127,7 +127,7 @@ The following list shows the supported values: - 0 - message sync is not allowed and cannot be changed by the user. - 1 - message sync is allowed. The user can change this setting. - +
    @@ -135,7 +135,7 @@ The following list shows the supported values: **Messaging/AllowRCS** - + @@ -157,8 +157,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -166,8 +166,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -178,7 +178,7 @@ The following list shows the supported values: - 0 - Disabled. - 1 (default) - Enabled. - +
    diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 63b61350a9..bbbe2fb3fa 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -51,7 +51,7 @@ ms.date: 01/29/2018 **NetworkIsolation/EnterpriseCloudResources** - + @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -82,11 +82,11 @@ ms.date: 01/29/2018
    - - + + Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **<*cloudresource*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|<*cloudresource*>|<*cloudresource*>,<*proxy*>|**. - +
    @@ -94,7 +94,7 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to **NetworkIsolation/EnterpriseIPRange** - + @@ -116,8 +116,8 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -125,11 +125,11 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to
    - - + + Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. - + For example: @@ -150,7 +150,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff **NetworkIsolation/EnterpriseIPRangesAreAuthoritative** - + @@ -172,8 +172,8 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -181,11 +181,11 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    - - + + Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. - +
    @@ -193,7 +193,7 @@ Boolean value that tells the client to accept the configured list and not to use **NetworkIsolation/EnterpriseInternalProxyServers** - + @@ -215,8 +215,8 @@ Boolean value that tells the client to accept the configured list and not to use
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -224,11 +224,11 @@ Boolean value that tells the client to accept the configured list and not to use
    - - + + This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies. - +
    @@ -236,7 +236,7 @@ This is the comma-separated list of internal proxy servers. For example "157.54. **NetworkIsolation/EnterpriseNetworkDomainNames** - + @@ -258,8 +258,8 @@ This is the comma-separated list of internal proxy servers. For example "157.54.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -267,8 +267,8 @@ This is the comma-separated list of internal proxy servers. For example "157.54.
    - - + + This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com". > [!NOTE] @@ -281,7 +281,7 @@ Here are the steps to create canonical domain names: 2. Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags. 3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0). - +
    @@ -289,7 +289,7 @@ Here are the steps to create canonical domain names: **NetworkIsolation/EnterpriseProxyServers** - + @@ -311,8 +311,8 @@ Here are the steps to create canonical domain names:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -320,11 +320,11 @@ Here are the steps to create canonical domain names:
    - - + + This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". - +
    @@ -332,7 +332,7 @@ This is a comma-separated list of proxy servers. Any server on this list is cons **NetworkIsolation/EnterpriseProxyServersAreAuthoritative** - + @@ -354,8 +354,8 @@ This is a comma-separated list of proxy servers. Any server on this list is cons
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -363,11 +363,11 @@ This is a comma-separated list of proxy servers. Any server on this list is cons
    - - + + Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. - +
    @@ -375,7 +375,7 @@ Boolean value that tells the client to accept the configured list of proxies and **NetworkIsolation/NeutralResources** - + @@ -397,8 +397,8 @@ Boolean value that tells the client to accept the configured list of proxies and
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -406,11 +406,11 @@ Boolean value that tells the client to accept the configured list of proxies and
    - - + + List of domain names that can used for work or personal resource. - +
    diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 3086806c49..767c680221 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Notifications/DisallowNotificationMirroring** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,15 +61,15 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Boolean value that turns off notification mirroring. For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page. No reboot or service restart is required for this policy to take effect. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index ac601b4c93..8de63327aa 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -54,7 +54,7 @@ ms.date: 01/29/2018 **Power/AllowStandbyWhenSleepingPluggedIn** - + @@ -76,8 +76,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -85,15 +85,15 @@ ms.date: 01/29/2018
    - - + + This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state. If you disable this policy setting, standby states (S1-S3) are not allowed. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -101,14 +101,14 @@ If you disable this policy setting, standby states (S1-S3) are not allowed. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow standby states (S1-S3) when sleeping (plugged in)* - GP name: *AllowStandbyStatesAC_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -116,7 +116,7 @@ ADMX Info: **Power/DisplayOffTimeoutOnBattery** - + @@ -138,8 +138,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -147,8 +147,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -157,7 +157,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -165,14 +165,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the display (on battery)* - GP name: *VideoPowerDownTimeOutDC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* - +
    @@ -180,7 +180,7 @@ ADMX Info: **Power/DisplayOffTimeoutPluggedIn** - + @@ -202,8 +202,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -211,8 +211,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. @@ -221,7 +221,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -229,14 +229,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off the display (plugged in)* - GP name: *VideoPowerDownTimeOutAC_2* - GP path: *System/Power Management/Video and Display Settings* - GP ADMX file name: *power.admx* - +
    @@ -244,7 +244,7 @@ ADMX Info: **Power/HibernateTimeoutOnBattery** - + @@ -266,8 +266,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -275,8 +275,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -286,7 +286,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -294,14 +294,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system hibernate timeout (on battery)* - GP name: *DCHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -309,7 +309,7 @@ ADMX Info: **Power/HibernateTimeoutPluggedIn** - + @@ -331,8 +331,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -340,8 +340,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. @@ -350,7 +350,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -358,14 +358,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system hibernate timeout (plugged in)* - GP name: *ACHibernateTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -373,7 +373,7 @@ ADMX Info: **Power/RequirePasswordWhenComputerWakesOnBattery** - + @@ -395,8 +395,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -404,15 +404,15 @@ ADMX Info:
    - - + + This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -420,14 +420,14 @@ If you disable this policy setting, the user is not prompted for a password when > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require a password when a computer wakes (on battery)* - GP name: *DCPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -435,7 +435,7 @@ ADMX Info: **Power/RequirePasswordWhenComputerWakesPluggedIn** - + @@ -457,8 +457,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -466,15 +466,15 @@ ADMX Info:
    - - + + This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -482,14 +482,14 @@ If you disable this policy setting, the user is not prompted for a password when > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require a password when a computer wakes (plugged in)* - GP name: *ACPromptForPasswordOnResume_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -497,7 +497,7 @@ ADMX Info: **Power/StandbyTimeoutOnBattery** - + @@ -519,8 +519,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -528,8 +528,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. @@ -538,7 +538,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -546,14 +546,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system sleep timeout (on battery)* - GP name: *DCStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    @@ -561,7 +561,7 @@ ADMX Info: **Power/StandbyTimeoutPluggedIn** - + @@ -583,8 +583,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -592,8 +592,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. @@ -602,7 +602,7 @@ If you disable or do not configure this policy setting, users control this setti If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -610,14 +610,14 @@ If the user has configured a slide show to run on the lock screen when the machi > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify the system sleep timeout (plugged in)* - GP name: *ACStandbyTimeOut_2* - GP path: *System/Power Management/Sleep Settings* - GP ADMX file name: *power.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index dc79350f3f..e6535304b1 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **Printers/PointAndPrintRestrictions** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    - - + + This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. If you enable this policy setting: @@ -88,7 +88,7 @@ If you disable this policy setting: -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -96,14 +96,14 @@ If you disable this policy setting: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions_Win7* - GP path: *Printers* - GP ADMX file name: *Printing.admx* - +
    @@ -111,7 +111,7 @@ ADMX Info: **Printers/PointAndPrintRestrictions_User** - + @@ -133,8 +133,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -142,8 +142,8 @@ ADMX Info:
    - - + + This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. If you enable this policy setting: @@ -163,7 +163,7 @@ If you disable this policy setting: -Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -171,14 +171,14 @@ If you disable this policy setting: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Point and Print Restrictions* - GP name: *PointAndPrint_Restrictions* - GP path: *Control Panel/Printers* - GP ADMX file name: *Printing.admx* - +
    @@ -186,7 +186,7 @@ ADMX Info: **Printers/PublishPrinters** - + @@ -208,8 +208,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -217,8 +217,8 @@ ADMX Info:
    - - + + Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. @@ -227,7 +227,7 @@ If you disable this setting, this computer's shared printers cannot be published Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory". - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -235,14 +235,14 @@ Note: This settings takes priority over the setting "Automatically publish new p > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow printers to be published* - GP name: *PublishPrinters* - GP path: *Printers* - GP ADMX file name: *Printing2.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 8cc054a89b..79f182b572 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -258,7 +258,7 @@ ms.date: 01/29/2018 **Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts** - + @@ -280,8 +280,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -289,8 +289,8 @@ ms.date: 01/29/2018
    - - + + Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps. > [!Note] @@ -299,7 +299,7 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con Most restricted value is 0. - + The following list shows the supported values: @@ -314,7 +314,7 @@ The following list shows the supported values: **Privacy/AllowInputPersonalization** - + @@ -336,8 +336,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -345,13 +345,13 @@ The following list shows the supported values:
    - - + + Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users. Most restricted value is 0. - + The following list shows the supported values: @@ -366,7 +366,7 @@ The following list shows the supported values: **Privacy/DisableAdvertisingId** - + @@ -388,8 +388,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -397,13 +397,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Enables or disables the Advertising ID. Most restricted value is 0. - + The following list shows the supported values: @@ -419,7 +419,7 @@ The following list shows the supported values: **Privacy/EnableActivityFeed** - + @@ -441,8 +441,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -450,11 +450,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Allows IT Admins to allow Apps/OS to publish to the activity feed. - + The following list shows the supported values: @@ -469,7 +469,7 @@ The following list shows the supported values: **Privacy/LetAppsAccessAccountInfo** - + @@ -491,8 +491,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -500,8 +500,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access account information. The following list shows the supported values: @@ -512,7 +512,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -520,7 +520,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps** - + @@ -542,8 +542,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -551,11 +551,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    @@ -563,7 +563,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps** - + @@ -585,8 +585,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -594,11 +594,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    @@ -606,7 +606,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps** - + @@ -628,8 +628,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -637,11 +637,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps. - +
    @@ -649,7 +649,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCalendar** - + @@ -671,8 +671,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -680,8 +680,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar. The following list shows the supported values: @@ -692,7 +692,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -700,7 +700,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessCalendar_ForceAllowTheseApps** - + @@ -722,8 +722,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -731,11 +731,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    @@ -743,7 +743,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCalendar_ForceDenyTheseApps** - + @@ -765,8 +765,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -774,11 +774,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    @@ -786,7 +786,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps** - + @@ -808,8 +808,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -817,11 +817,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps. - +
    @@ -829,7 +829,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCallHistory** - + @@ -851,8 +851,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -860,8 +860,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access call history. The following list shows the supported values: @@ -872,7 +872,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -880,7 +880,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps** - + @@ -902,8 +902,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -911,11 +911,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    @@ -923,7 +923,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps** - + @@ -945,8 +945,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -954,11 +954,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    @@ -966,7 +966,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps** - + @@ -988,8 +988,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -997,11 +997,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps. - +
    @@ -1009,7 +1009,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCamera** - + @@ -1031,8 +1031,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1040,8 +1040,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera. The following list shows the supported values: @@ -1052,7 +1052,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1060,7 +1060,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessCamera_ForceAllowTheseApps** - + @@ -1082,8 +1082,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1091,11 +1091,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    @@ -1103,7 +1103,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCamera_ForceDenyTheseApps** - + @@ -1125,8 +1125,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1134,11 +1134,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    @@ -1146,7 +1146,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessCamera_UserInControlOfTheseApps** - + @@ -1168,8 +1168,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1177,11 +1177,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps. - +
    @@ -1189,7 +1189,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessContacts** - + @@ -1211,8 +1211,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1220,8 +1220,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts. The following list shows the supported values: @@ -1232,7 +1232,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1240,7 +1240,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessContacts_ForceAllowTheseApps** - + @@ -1262,8 +1262,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1271,11 +1271,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    @@ -1283,7 +1283,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessContacts_ForceDenyTheseApps** - + @@ -1305,8 +1305,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1314,11 +1314,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    @@ -1326,7 +1326,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessContacts_UserInControlOfTheseApps** - + @@ -1348,8 +1348,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1357,11 +1357,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps. - +
    @@ -1369,7 +1369,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessEmail** - + @@ -1391,8 +1391,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1400,8 +1400,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access email. The following list shows the supported values: @@ -1412,7 +1412,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1420,7 +1420,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessEmail_ForceAllowTheseApps** - + @@ -1442,8 +1442,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1451,11 +1451,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    @@ -1463,7 +1463,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessEmail_ForceDenyTheseApps** - + @@ -1485,8 +1485,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1494,11 +1494,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    @@ -1506,7 +1506,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessEmail_UserInControlOfTheseApps** - + @@ -1528,8 +1528,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1537,11 +1537,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps. - +
    @@ -1549,7 +1549,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessLocation** - + @@ -1571,8 +1571,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1580,8 +1580,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access location. The following list shows the supported values: @@ -1592,7 +1592,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1600,7 +1600,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessLocation_ForceAllowTheseApps** - + @@ -1622,8 +1622,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1631,11 +1631,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    @@ -1643,7 +1643,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessLocation_ForceDenyTheseApps** - + @@ -1665,8 +1665,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1674,11 +1674,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    @@ -1686,7 +1686,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessLocation_UserInControlOfTheseApps** - + @@ -1708,8 +1708,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1717,11 +1717,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps. - +
    @@ -1729,7 +1729,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMessaging** - + @@ -1751,8 +1751,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1760,8 +1760,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS). The following list shows the supported values: @@ -1772,7 +1772,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1780,7 +1780,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessMessaging_ForceAllowTheseApps** - + @@ -1802,8 +1802,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1811,11 +1811,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    @@ -1823,7 +1823,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMessaging_ForceDenyTheseApps** - + @@ -1845,8 +1845,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1854,11 +1854,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    @@ -1866,7 +1866,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps** - + @@ -1888,8 +1888,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1897,11 +1897,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps. - +
    @@ -1909,7 +1909,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMicrophone** - + @@ -1931,8 +1931,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1940,8 +1940,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone. The following list shows the supported values: @@ -1952,7 +1952,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -1960,7 +1960,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps** - + @@ -1982,8 +1982,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1991,11 +1991,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    @@ -2003,7 +2003,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps** - + @@ -2025,8 +2025,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2034,11 +2034,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    @@ -2046,7 +2046,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps** - + @@ -2068,8 +2068,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2077,11 +2077,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps. - +
    @@ -2089,7 +2089,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMotion** - + @@ -2111,8 +2111,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2120,8 +2120,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data. The following list shows the supported values: @@ -2132,7 +2132,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2140,7 +2140,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessMotion_ForceAllowTheseApps** - + @@ -2162,8 +2162,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2171,11 +2171,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    @@ -2183,7 +2183,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMotion_ForceDenyTheseApps** - + @@ -2205,8 +2205,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2214,11 +2214,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    @@ -2226,7 +2226,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessMotion_UserInControlOfTheseApps** - + @@ -2248,8 +2248,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2257,11 +2257,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps. - +
    @@ -2269,7 +2269,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessNotifications** - + @@ -2291,8 +2291,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2300,8 +2300,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications. The following list shows the supported values: @@ -2312,7 +2312,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2320,7 +2320,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessNotifications_ForceAllowTheseApps** - + @@ -2342,8 +2342,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2351,11 +2351,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    @@ -2363,7 +2363,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessNotifications_ForceDenyTheseApps** - + @@ -2385,8 +2385,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2394,11 +2394,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    @@ -2406,7 +2406,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps** - + @@ -2428,8 +2428,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2437,11 +2437,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps. - +
    @@ -2449,7 +2449,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessPhone** - + @@ -2471,8 +2471,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2480,8 +2480,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls. The following list shows the supported values: @@ -2492,7 +2492,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2500,7 +2500,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessPhone_ForceAllowTheseApps** - + @@ -2522,8 +2522,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2531,11 +2531,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    @@ -2543,7 +2543,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessPhone_ForceDenyTheseApps** - + @@ -2565,8 +2565,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2574,11 +2574,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    @@ -2586,7 +2586,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessPhone_UserInControlOfTheseApps** - + @@ -2608,8 +2608,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2617,11 +2617,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps. - +
    @@ -2629,7 +2629,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessRadios** - + @@ -2651,8 +2651,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2660,8 +2660,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios. The following list shows the supported values: @@ -2672,7 +2672,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -2680,7 +2680,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessRadios_ForceAllowTheseApps** - + @@ -2702,8 +2702,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2711,11 +2711,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    @@ -2723,7 +2723,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessRadios_ForceDenyTheseApps** - + @@ -2745,8 +2745,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2754,11 +2754,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    @@ -2766,7 +2766,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessRadios_UserInControlOfTheseApps** - + @@ -2788,8 +2788,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2797,11 +2797,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps. - +
    @@ -2809,7 +2809,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessTasks** - + @@ -2831,8 +2831,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2840,11 +2840,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks. - +
    @@ -2852,7 +2852,7 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas **Privacy/LetAppsAccessTasks_ForceAllowTheseApps** - + @@ -2874,8 +2874,8 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2883,11 +2883,11 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    @@ -2895,7 +2895,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N **Privacy/LetAppsAccessTasks_ForceDenyTheseApps** - + @@ -2917,8 +2917,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2926,11 +2926,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    @@ -2938,7 +2938,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N **Privacy/LetAppsAccessTasks_UserInControlOfTheseApps** - + @@ -2960,8 +2960,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2969,11 +2969,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps. - +
    @@ -2981,7 +2981,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N **Privacy/LetAppsAccessTrustedDevices** - + @@ -3003,8 +3003,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3012,8 +3012,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices. The following list shows the supported values: @@ -3024,7 +3024,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -3032,7 +3032,7 @@ Most restricted value is 2. **Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps** - + @@ -3054,8 +3054,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3063,11 +3063,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    @@ -3075,7 +3075,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps** - + @@ -3097,8 +3097,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3106,11 +3106,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    @@ -3118,7 +3118,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps** - + @@ -3140,8 +3140,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3149,11 +3149,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps. - +
    @@ -3161,7 +3161,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsGetDiagnosticInfo** - + @@ -3183,8 +3183,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3192,8 +3192,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. The following list shows the supported values: @@ -3204,7 +3204,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -3212,7 +3212,7 @@ Most restricted value is 2. **Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps** - + @@ -3234,8 +3234,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3243,11 +3243,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    @@ -3255,7 +3255,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps** - + @@ -3277,8 +3277,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3286,11 +3286,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    @@ -3298,7 +3298,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps** - + @@ -3320,8 +3320,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3329,11 +3329,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps. - +
    @@ -3341,7 +3341,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsRunInBackground** - + @@ -3363,8 +3363,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3372,8 +3372,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background. The following list shows the supported values: @@ -3386,7 +3386,7 @@ Most restricted value is 2. > [!WARNING] > Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly. - +
    @@ -3394,7 +3394,7 @@ Most restricted value is 2. **Privacy/LetAppsRunInBackground_ForceAllowTheseApps** - + @@ -3416,8 +3416,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3425,11 +3425,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    @@ -3437,7 +3437,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsRunInBackground_ForceDenyTheseApps** - + @@ -3459,8 +3459,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3468,11 +3468,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    @@ -3480,7 +3480,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsRunInBackground_UserInControlOfTheseApps** - + @@ -3502,8 +3502,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3511,11 +3511,11 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps. - +
    @@ -3523,7 +3523,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family **Privacy/LetAppsSyncWithDevices** - + @@ -3545,8 +3545,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3554,8 +3554,8 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices. The following list shows the supported values: @@ -3566,7 +3566,7 @@ The following list shows the supported values: Most restricted value is 2. - +
    @@ -3574,7 +3574,7 @@ Most restricted value is 2. **Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps** - + @@ -3596,8 +3596,8 @@ Most restricted value is 2.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3605,11 +3605,11 @@ Most restricted value is 2.
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    @@ -3617,7 +3617,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps** - + @@ -3639,8 +3639,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3648,11 +3648,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    @@ -3660,7 +3660,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps** - + @@ -3682,8 +3682,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3691,11 +3691,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps. - +
    @@ -3703,7 +3703,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family **Privacy/PublishUserActivities** - + @@ -3725,8 +3725,8 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -3734,11 +3734,11 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family
    - - + + Added in Windows 10, version 1709. Allows It Admins to enable publishing of user activities to the activity feed. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index b0b51ab819..25c6878ae9 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -39,7 +39,7 @@ ms.date: 01/29/2018 **RemoteAssistance/CustomizeWarningMessages** - + @@ -61,8 +61,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -70,8 +70,8 @@ ms.date: 01/29/2018
    - - + + This policy setting lets you customize warning messages. The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer. @@ -84,7 +84,7 @@ If you disable this policy setting, the user sees the default warning message. If you do not configure this policy setting, the user sees the default warning message. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -92,14 +92,14 @@ If you do not configure this policy setting, the user sees the default warning m > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Customize warning messages* - GP name: *RA_Options* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    @@ -107,7 +107,7 @@ ADMX Info: **RemoteAssistance/SessionLogging** - + @@ -129,8 +129,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -138,8 +138,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance. If you enable this policy setting, log files are generated. @@ -148,7 +148,7 @@ If you disable this policy setting, log files are not generated. If you do not configure this setting, application-based settings are used. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -156,14 +156,14 @@ If you do not configure this setting, application-based settings are used. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn on session logging* - GP name: *RA_Logging* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    @@ -171,7 +171,7 @@ ADMX Info: **RemoteAssistance/SolicitedRemoteAssistance** - + @@ -193,8 +193,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -202,8 +202,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings. @@ -220,7 +220,7 @@ The "Select the method for sending email invitations" setting specifies which em If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -228,14 +228,14 @@ If you enable this policy setting you should also enable appropriate firewall ex > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Configure Solicited Remote Assistance* - GP name: *RA_Solicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    @@ -243,7 +243,7 @@ ADMX Info: **RemoteAssistance/UnsolicitedRemoteAssistance** - + @@ -265,8 +265,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -274,8 +274,8 @@ ADMX Info:
    - - + + This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. @@ -315,7 +315,7 @@ Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Allow Remote Desktop Exception - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -323,14 +323,14 @@ Allow Remote Desktop Exception > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Configure Offer Remote Assistance* - GP name: *RA_Unsolicit* - GP path: *System/Remote Assistance* - GP ADMX file name: *remoteassistance.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 782ca41f12..1ff2a93cea 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -45,7 +45,7 @@ ms.date: 01/29/2018 **RemoteDesktopServices/AllowUsersToConnectRemotely** - + @@ -67,8 +67,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -76,8 +76,8 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services. @@ -90,7 +90,7 @@ Note: You can limit which clients are able to connect remotely by using Remote D You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -98,14 +98,14 @@ You can limit the number of users who can connect simultaneously by configuring > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow users to connect remotely by using Remote Desktop Services* - GP name: *TS_DISABLE_CONNECTIONS* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections* - GP ADMX file name: *terminalserver.admx* - +
    @@ -113,7 +113,7 @@ ADMX Info: **RemoteDesktopServices/ClientConnectionEncryptionLevel** - + @@ -135,8 +135,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -144,8 +144,8 @@ ADMX Info:
    - - + + Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption. If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available: @@ -162,7 +162,7 @@ Important FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -170,14 +170,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Set client connection encryption level* - GP name: *TS_ENCRYPTION_POLICY* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* - +
    @@ -185,7 +185,7 @@ ADMX Info: **RemoteDesktopServices/DoNotAllowDriveRedirection** - + @@ -207,8 +207,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -216,8 +216,8 @@ ADMX Info:
    - - + + This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format on . You can use this policy setting to override this behavior. @@ -228,7 +228,7 @@ If you disable this policy setting, client drive redirection is always allowed. If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -236,14 +236,14 @@ If you do not configure this policy setting, client drive redirection and Clipbo > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow drive redirection* - GP name: *TS_CLIENT_DRIVE_M* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection* - GP ADMX file name: *terminalserver.admx* - +
    @@ -251,7 +251,7 @@ ADMX Info: **RemoteDesktopServices/DoNotAllowPasswordSaving** - + @@ -273,8 +273,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -282,15 +282,15 @@ ADMX Info:
    - - + + Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -298,14 +298,14 @@ If you disable this setting or leave it not configured, the user will be able to > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow passwords to be saved* - GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client* - GP ADMX file name: *terminalserver.admx* - +
    @@ -313,7 +313,7 @@ ADMX Info: **RemoteDesktopServices/PromptForPasswordUponConnection** - + @@ -335,8 +335,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -344,8 +344,8 @@ ADMX Info:
    - - + + This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. @@ -358,7 +358,7 @@ If you disable this policy setting, users can always log on to Remote Desktop Se If you do not configure this policy setting, automatic logon is not specified at the Group Policy level. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -366,14 +366,14 @@ If you do not configure this policy setting, automatic logon is not specified at > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Always prompt for password upon connection* - GP name: *TS_PASSWORD* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* - +
    @@ -381,7 +381,7 @@ ADMX Info: **RemoteDesktopServices/RequireSecureRPCCommunication** - + @@ -403,8 +403,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -412,8 +412,8 @@ ADMX Info:
    - - + + Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. @@ -426,7 +426,7 @@ If the status is set to Not Configured, unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -434,14 +434,14 @@ Note: The RPC interface is used for administering and configuring Remote Desktop > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Require secure RPC communication* - GP name: *TS_RPC_ENCRYPTION* - GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security* - GP ADMX file name: *terminalserver.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 176cd59211..762edfe54e 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -72,7 +72,7 @@ ms.date: 01/29/2018 **RemoteManagement/AllowBasicAuthentication_Client** - + @@ -94,8 +94,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -103,10 +103,10 @@ ms.date: 01/29/2018
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -114,14 +114,14 @@ ms.date: 01/29/2018 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow Basic authentication* - GP name: *AllowBasic_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -129,7 +129,7 @@ ADMX Info: **RemoteManagement/AllowBasicAuthentication_Service** - + @@ -151,8 +151,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -160,10 +160,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -171,14 +171,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow Basic authentication* - GP name: *AllowBasic_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -186,7 +186,7 @@ ADMX Info: **RemoteManagement/AllowCredSSPAuthenticationClient** - + @@ -208,8 +208,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -217,10 +217,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -228,14 +228,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -243,7 +243,7 @@ ADMX Info: **RemoteManagement/AllowCredSSPAuthenticationService** - + @@ -265,8 +265,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -274,10 +274,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -285,14 +285,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow CredSSP authentication* - GP name: *AllowCredSSP_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -300,7 +300,7 @@ ADMX Info: **RemoteManagement/AllowRemoteServerManagement** - + @@ -322,8 +322,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -331,10 +331,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -342,14 +342,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow remote server management through WinRM* - GP name: *AllowAutoConfig* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -357,7 +357,7 @@ ADMX Info: **RemoteManagement/AllowUnencryptedTraffic_Client** - + @@ -379,8 +379,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -388,10 +388,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -399,14 +399,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -414,7 +414,7 @@ ADMX Info: **RemoteManagement/AllowUnencryptedTraffic_Service** - + @@ -436,8 +436,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -445,10 +445,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -456,14 +456,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow unencrypted traffic* - GP name: *AllowUnencrypted_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -471,7 +471,7 @@ ADMX Info: **RemoteManagement/DisallowDigestAuthentication** - + @@ -493,8 +493,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -502,10 +502,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -513,14 +513,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Digest authentication* - GP name: *DisallowDigest* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -528,7 +528,7 @@ ADMX Info: **RemoteManagement/DisallowNegotiateAuthenticationClient** - + @@ -550,8 +550,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -559,10 +559,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -570,14 +570,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_2* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -585,7 +585,7 @@ ADMX Info: **RemoteManagement/DisallowNegotiateAuthenticationService** - + @@ -607,8 +607,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -616,10 +616,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -627,14 +627,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow Negotiate authentication* - GP name: *DisallowNegotiate_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -642,7 +642,7 @@ ADMX Info: **RemoteManagement/DisallowStoringOfRunAsCredentials** - + @@ -664,8 +664,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -673,10 +673,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -684,14 +684,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Disallow WinRM from storing RunAs credentials* - GP name: *DisableRunAs* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -699,7 +699,7 @@ ADMX Info: **RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** - + @@ -721,8 +721,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -730,10 +730,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -741,14 +741,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify channel binding token hardening level* - GP name: *CBTHardeningLevel_1* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -756,7 +756,7 @@ ADMX Info: **RemoteManagement/TrustedHosts** - + @@ -778,8 +778,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -787,10 +787,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -798,14 +798,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Trusted Hosts* - GP name: *TrustedHosts* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -813,7 +813,7 @@ ADMX Info: **RemoteManagement/TurnOnCompatibilityHTTPListener** - + @@ -835,8 +835,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -844,10 +844,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -855,14 +855,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn On Compatibility HTTP Listener* - GP name: *HttpCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    @@ -870,7 +870,7 @@ ADMX Info: **RemoteManagement/TurnOnCompatibilityHTTPSListener** - + @@ -892,8 +892,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -901,10 +901,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -912,14 +912,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn On Compatibility HTTPS Listener* - GP name: *HttpsCompatibilityListener* - GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service* - GP ADMX file name: *WindowsRemoteManagement.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 7f7c9c2e4d..12189ebcb2 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **RemoteProcedureCall/RPCEndpointMapperClientAuthentication** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. @@ -76,7 +76,7 @@ If you do not configure this policy setting, it remains disabled. RPC clients w Note: This policy will not be applied until the system is rebooted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -84,14 +84,14 @@ Note: This policy will not be applied until the system is rebooted. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Enable RPC Endpoint Mapper Client Authentication* - GP name: *RpcEnableAuthEpResolution* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* - +
    @@ -99,7 +99,7 @@ ADMX Info: **RemoteProcedureCall/RestrictUnauthenticatedRPCClients** - + @@ -121,8 +121,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -130,8 +130,8 @@ ADMX Info:
    - - + + This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller. @@ -150,7 +150,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict Note: This policy setting will not be applied until the system is rebooted. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -158,14 +158,14 @@ Note: This policy setting will not be applied until the system is rebooted. > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Restrict Unauthenticated RPC clients* - GP name: *RpcRestrictRemoteClients* - GP path: *System/Remote Procedure Call* - GP ADMX file name: *rpc.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 3a66eb8677..bb014aba29 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -48,7 +48,7 @@ ms.date: 01/29/2018 **RemoteShell/AllowRemoteShellAccess** - + @@ -70,8 +70,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -79,10 +79,10 @@ ms.date: 01/29/2018
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -90,14 +90,14 @@ ms.date: 01/29/2018 > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Allow Remote Shell Access* - GP name: *AllowRemoteShellAccess* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -105,7 +105,7 @@ ADMX Info: **RemoteShell/MaxConcurrentUsers** - + @@ -127,8 +127,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -136,10 +136,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -147,14 +147,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *MaxConcurrentUsers* - GP name: *MaxConcurrentUsers* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -162,7 +162,7 @@ ADMX Info: **RemoteShell/SpecifyIdleTimeout** - + @@ -184,8 +184,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -193,10 +193,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -204,14 +204,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify idle Timeout* - GP name: *IdleTimeout* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -219,7 +219,7 @@ ADMX Info: **RemoteShell/SpecifyMaxMemory** - + @@ -241,8 +241,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -250,10 +250,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -261,14 +261,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify maximum amount of memory in MB per Shell* - GP name: *MaxMemoryPerShellMB* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -276,7 +276,7 @@ ADMX Info: **RemoteShell/SpecifyMaxProcesses** - + @@ -298,8 +298,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -307,10 +307,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -318,14 +318,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify maximum number of processes per Shell* - GP name: *MaxProcessesPerShell* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -333,7 +333,7 @@ ADMX Info: **RemoteShell/SpecifyMaxRemoteShells** - + @@ -355,8 +355,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -364,10 +364,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -375,14 +375,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify maximum number of remote shells per user* - GP name: *MaxShellsPerUser* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    @@ -390,7 +390,7 @@ ADMX Info: **RemoteShell/SpecifyShellTimeout** - + @@ -412,8 +412,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -421,10 +421,10 @@ ADMX Info:
    - - + + - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -432,14 +432,14 @@ ADMX Info: > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Specify Shell Timeout* - GP name: *ShellTimeOut* - GP path: *Windows Components/Windows Remote Shell* - GP ADMX file name: *WindowsRemoteShell.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index d992a30b6e..8a9ea5fa7c 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -71,7 +71,7 @@ ms.date: 01/29/2018 **Search/AllowCloudSearch** - + @@ -93,8 +93,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources. The following list shows the supported values: @@ -111,7 +111,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -119,7 +119,7 @@ The following list shows the supported values: **Search/AllowCortanaInAAD** - + @@ -141,8 +141,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -150,11 +150,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. If this policy is left in its default state, Cortana will not be shown in the AAD OOBE flow. If you opt-in to this policy, then the Cortana consent page will appear in the AAD OOBE flow.. - + The following list shows the supported values: @@ -169,7 +169,7 @@ The following list shows the supported values: **Search/AllowIndexingEncryptedStoresOrItems** - + @@ -191,8 +191,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -200,8 +200,8 @@ The following list shows the supported values:
    - - + + Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files. When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified. @@ -210,7 +210,7 @@ When the policy is disabled, the WIP protected items are not indexed and do not Most restricted value is 0. - + The following list shows the supported values: @@ -225,7 +225,7 @@ The following list shows the supported values: **Search/AllowSearchToUseLocation** - + @@ -247,8 +247,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -256,13 +256,13 @@ The following list shows the supported values:
    - - + + Specifies whether search can leverage location information. Most restricted value is 0. - + The following list shows the supported values: @@ -277,7 +277,7 @@ The following list shows the supported values: **Search/AllowStoringImagesFromVisionSearch** - + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -285,11 +285,11 @@ The following list shows the supported values:
    - - + + This policy has been deprecated. - +
    @@ -297,7 +297,7 @@ This policy has been deprecated. **Search/AllowUsingDiacritics** - + @@ -319,8 +319,8 @@ This policy has been deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -328,8 +328,8 @@ This policy has been deprecated.
    - - + + Allows the use of diacritics. The following list shows the supported values: @@ -339,7 +339,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -347,7 +347,7 @@ Most restricted value is 0. **Search/AllowWindowsIndexer** - + @@ -369,8 +369,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -378,11 +378,11 @@ Most restricted value is 0.
    - - + + Allow Windows indexer. Value type is integer. - +
    @@ -390,7 +390,7 @@ Allow Windows indexer. Value type is integer. **Search/AlwaysUseAutoLangDetection** - + @@ -412,8 +412,8 @@ Allow Windows indexer. Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -421,8 +421,8 @@ Allow Windows indexer. Value type is integer.
    - - + + Specifies whether to always use automatic language detection when indexing content and properties. The following list shows the supported values: @@ -432,7 +432,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -440,7 +440,7 @@ Most restricted value is 0. **Search/DisableBackoff** - + @@ -462,8 +462,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -471,8 +471,8 @@ Most restricted value is 0.
    - - + + If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled. The following list shows the supported values: @@ -480,7 +480,7 @@ The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. - +
    @@ -488,7 +488,7 @@ The following list shows the supported values: **Search/DisableRemovableDriveIndexing** - + @@ -510,8 +510,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -519,8 +519,8 @@ The following list shows the supported values:
    - - + + This policy setting configures whether or not locations on removable drives can be added to libraries. If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed. @@ -532,7 +532,7 @@ The following list shows the supported values: - 0 (default) – Disable. - 1 – Enable. - +
    @@ -540,7 +540,7 @@ The following list shows the supported values: **Search/DoNotUseWebResults** - + @@ -562,8 +562,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -571,8 +571,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Don't search the web or display web results in Search. This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search. @@ -580,7 +580,7 @@ If you enable this policy setting, queries won't be performed on the web and web If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search. - + The following list shows the supported values: @@ -595,7 +595,7 @@ The following list shows the supported values: **Search/PreventIndexingLowDiskSpaceMB** - + @@ -617,8 +617,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -626,8 +626,8 @@ The following list shows the supported values:
    - - + + Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1. Enable this policy if computers in your environment have extremely limited hard drive space. @@ -639,7 +639,7 @@ The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. - +
    @@ -647,7 +647,7 @@ The following list shows the supported values: **Search/PreventRemoteQueries** - + @@ -669,8 +669,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -678,8 +678,8 @@ The following list shows the supported values:
    - - + + If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. The following list shows the supported values: @@ -687,7 +687,7 @@ The following list shows the supported values: - 0 – Disable. - 1 (default) – Enable. - +
    @@ -695,7 +695,7 @@ The following list shows the supported values: **Search/SafeSearchPermissions** - + @@ -717,8 +717,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -726,8 +726,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -741,7 +741,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index 7da2bfbe1c..ac48498127 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -62,7 +62,7 @@ ms.date: 01/29/2018 **Security/AllowAddProvisioningPackage** - + @@ -84,8 +84,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -93,11 +93,11 @@ ms.date: 01/29/2018
    - - + + Specifies whether to allow the runtime configuration agent to install provisioning packages. - + The following list shows the supported values: @@ -112,7 +112,7 @@ The following list shows the supported values: **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** - + @@ -134,8 +134,8 @@ The following list shows the supported values:
    Home
    - - + + > [!NOTE] > This policy has been deprecated in Windows 10, version 1607 @@ -152,7 +152,7 @@ The following list shows the supported values: - 0 – Not allowed. - 1 (default) – Allowed. - +
    @@ -160,7 +160,7 @@ The following list shows the supported values: **Security/AllowManualRootCertificateInstallation** - + @@ -182,8 +182,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -191,8 +191,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -201,7 +201,7 @@ Specifies whether the user is allowed to manually install root and intermediate Most restricted value is 0. - + The following list shows the supported values: @@ -216,7 +216,7 @@ The following list shows the supported values: **Security/AllowRemoveProvisioningPackage** - + @@ -238,8 +238,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -247,11 +247,11 @@ The following list shows the supported values:
    - - + + Specifies whether to allow the runtime configuration agent to remove provisioning packages. - + The following list shows the supported values: @@ -266,7 +266,7 @@ The following list shows the supported values: **Security/AntiTheftMode** - + @@ -288,8 +288,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -297,15 +297,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.   Allows or disallow Anti Theft Mode on the device. - + The following list shows the supported values: @@ -320,7 +320,7 @@ The following list shows the supported values: **Security/ClearTPMIfNotReady** - + @@ -342,8 +342,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -351,14 +351,14 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Added in Windows 10, version 1709. Admin access is required. The prompt will appear on first admin logon after a reboot when the TPM is in a non-ready state that can be remediated with a TPM Clear. The prompt will have a description of what clearing the TPM does and that it requires a reboot. The user can dismiss it, but it will appear on next admin logon after restart. - + The following list shows the supported values: @@ -373,7 +373,7 @@ The following list shows the supported values: **Security/ConfigureWindowsPasswords** - + @@ -395,8 +395,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -404,14 +404,14 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Configures the use of passwords for Windows features. > [!Note] > This policy is only supported in Windows 10 S. - + The following list shows the supported values: @@ -427,7 +427,7 @@ The following list shows the supported values: **Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices** - + @@ -449,8 +449,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -458,8 +458,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -473,7 +473,7 @@ The following list shows the supported values: - 0 (default) – Encryption enabled. - 1 – Encryption disabled. - +
    @@ -481,7 +481,7 @@ The following list shows the supported values: **Security/RequireDeviceEncryption** - + @@ -503,8 +503,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -512,8 +512,8 @@ The following list shows the supported values:
    - - + + Allows enterprise to turn on internal storage encryption. The following list shows the supported values: @@ -526,7 +526,7 @@ Most restricted value is 1. > [!IMPORTANT] > If encryption has been enabled, it cannot be turned off by using this policy. - +
    @@ -534,7 +534,7 @@ Most restricted value is 1. **Security/RequireProvisioningPackageSignature** - + @@ -556,8 +556,8 @@ Most restricted value is 1.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -565,8 +565,8 @@ Most restricted value is 1.
    - - + + Specifies whether provisioning packages must have a certificate signed by a device trusted authority. The following list shows the supported values: @@ -574,7 +574,7 @@ The following list shows the supported values: - 0 (default) – Not required. - 1 – Required. - +
    @@ -582,7 +582,7 @@ The following list shows the supported values: **Security/RequireRetrieveHealthCertificateOnBoot** - + @@ -604,8 +604,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -613,8 +613,8 @@ The following list shows the supported values:
    - - + + Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots. The following list shows the supported values: @@ -633,7 +633,7 @@ Setting this policy to 1 (Required): Most restricted value is 1. - +
    diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index b21b911cc1..f80b9cac01 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -71,7 +71,7 @@ ms.date: 01/29/2018 **Settings/AllowAutoPlay** - + @@ -93,8 +93,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -113,7 +113,7 @@ Allows the user to change Auto Play settings. > [!NOTE] > Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected. - + The following list shows the supported values: @@ -128,7 +128,7 @@ The following list shows the supported values: **Settings/AllowDataSense** - + @@ -150,8 +150,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -159,11 +159,11 @@ The following list shows the supported values:
    - - + + Allows the user to change Data Sense settings. - + The following list shows the supported values: @@ -178,7 +178,7 @@ The following list shows the supported values: **Settings/AllowDateTime** - + @@ -200,8 +200,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -209,11 +209,11 @@ The following list shows the supported values:
    - - + + Allows the user to change date and time settings. - + The following list shows the supported values: @@ -228,7 +228,7 @@ The following list shows the supported values: **Settings/AllowEditDeviceName** - + @@ -250,8 +250,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -259,11 +259,11 @@ The following list shows the supported values:
    - - + + Allows editing of the device name. - + The following list shows the supported values: @@ -278,7 +278,7 @@ The following list shows the supported values: **Settings/AllowLanguage** - + @@ -300,8 +300,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -309,15 +309,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change the language settings. - + The following list shows the supported values: @@ -332,7 +332,7 @@ The following list shows the supported values: **Settings/AllowOnlineTips** - + @@ -354,8 +354,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -363,13 +363,13 @@ The following list shows the supported values:
    - - + + Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft content services to retrieve tips and help content. - +
    @@ -377,7 +377,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti **Settings/AllowPowerSleep** - + @@ -399,8 +399,8 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -408,15 +408,15 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change power and sleep settings. - + The following list shows the supported values: @@ -431,7 +431,7 @@ The following list shows the supported values: **Settings/AllowRegion** - + @@ -453,8 +453,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -462,15 +462,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change the region settings. - + The following list shows the supported values: @@ -485,7 +485,7 @@ The following list shows the supported values: **Settings/AllowSignInOptions** - + @@ -507,8 +507,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -516,15 +516,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows the user to change sign-in options. - + The following list shows the supported values: @@ -539,7 +539,7 @@ The following list shows the supported values: **Settings/AllowVPN** - + @@ -561,8 +561,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -570,11 +570,11 @@ The following list shows the supported values:
    - - + + Allows the user to change VPN settings. - + The following list shows the supported values: @@ -589,7 +589,7 @@ The following list shows the supported values: **Settings/AllowWorkplace** - + @@ -611,8 +611,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -620,15 +620,15 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. Allows user to change workplace settings. - + The following list shows the supported values: @@ -643,7 +643,7 @@ The following list shows the supported values: **Settings/AllowYourAccount** - + @@ -665,8 +665,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -674,11 +674,11 @@ The following list shows the supported values:
    - - + + Allows user to change account settings. - + The following list shows the supported values: @@ -693,7 +693,7 @@ The following list shows the supported values: **Settings/ConfigureTaskbarCalendar** - + @@ -715,8 +715,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -724,8 +724,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale. Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale. The following list shows the supported values: @@ -735,7 +735,7 @@ The following list shows the supported values: - 2 - Simplified Chinese (Lunar). - 3 - Traditional Chinese (Lunar). - +
    @@ -743,7 +743,7 @@ The following list shows the supported values: **Settings/PageVisibilityList** - + @@ -765,8 +765,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -774,8 +774,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: @@ -808,7 +808,7 @@ To validate on Desktop, do the following: 2. Configure the policy with the following string: "hide:about". 3. Open System Settings again and verify that the About page is no longer accessible. - +
    diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 4aeb3007f6..c487c7699c 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **SmartScreen/EnableAppInstallControl** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,11 +67,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. - + The following list shows the supported values: @@ -86,7 +86,7 @@ The following list shows the supported values: **SmartScreen/EnableSmartScreenInShell** - + @@ -108,8 +108,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,11 +117,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows. - + The following list shows the supported values: @@ -136,7 +136,7 @@ The following list shows the supported values: **SmartScreen/PreventOverrideForFilesInShell** - + @@ -158,8 +158,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -167,11 +167,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index eb15267764..6da3005afa 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **Speech/AllowSpeechModelUpdate** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,11 +61,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS). - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 6dbef99ae1..af43f0bf48 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -114,7 +114,7 @@ ms.date: 01/29/2018 **Start/AllowPinnedFolderDocuments** - + @@ -136,8 +136,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -145,11 +145,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu. - + The following list shows the supported values: @@ -165,7 +165,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderDownloads** - + @@ -187,8 +187,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -196,11 +196,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu. - + The following list shows the supported values: @@ -216,7 +216,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderFileExplorer** - + @@ -238,8 +238,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -247,11 +247,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu. - + The following list shows the supported values: @@ -267,7 +267,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderHomeGroup** - + @@ -289,8 +289,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -298,11 +298,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu. - + The following list shows the supported values: @@ -318,7 +318,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderMusic** - + @@ -340,8 +340,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -349,11 +349,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu. - + The following list shows the supported values: @@ -369,7 +369,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderNetwork** - + @@ -391,8 +391,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -400,11 +400,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu. - + The following list shows the supported values: @@ -420,7 +420,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderPersonalFolder** - + @@ -442,8 +442,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -451,11 +451,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu. - + The following list shows the supported values: @@ -471,7 +471,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderPictures** - + @@ -493,8 +493,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -502,11 +502,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu. - + The following list shows the supported values: @@ -522,7 +522,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderSettings** - + @@ -544,8 +544,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -553,11 +553,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu. - + The following list shows the supported values: @@ -573,7 +573,7 @@ The following list shows the supported values: **Start/AllowPinnedFolderVideos** - + @@ -595,8 +595,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -604,11 +604,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu. - + The following list shows the supported values: @@ -624,7 +624,7 @@ The following list shows the supported values: **Start/ForceStartSize** - + @@ -646,8 +646,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -655,8 +655,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -671,7 +671,7 @@ The following list shows the supported values: If there is policy configuration conflict, the latest configuration request is applied to the device. - +
    @@ -679,7 +679,7 @@ If there is policy configuration conflict, the latest configuration request is a **Start/HideAppList** - + @@ -701,8 +701,8 @@ If there is policy configuration conflict, the latest configuration request is a
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -710,8 +710,8 @@ If there is policy configuration conflict, the latest configuration request is a
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -734,7 +734,7 @@ To validate on Desktop, do the following: - 2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out. - 2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out. - +
    @@ -742,7 +742,7 @@ To validate on Desktop, do the following: **Start/HideChangeAccountSettings** - + @@ -764,8 +764,8 @@ To validate on Desktop, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -773,8 +773,8 @@ To validate on Desktop, do the following:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile. To validate on Desktop, do the following: @@ -782,7 +782,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Change account settings" is not available. - + The following list shows the supported values: @@ -797,7 +797,7 @@ The following list shows the supported values: **Start/HideFrequentlyUsedApps** - + @@ -819,8 +819,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -828,8 +828,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -844,7 +844,7 @@ To validate on Desktop, do the following: 5. Check that "Show most used apps" Settings toggle is grayed out. 6. Check that most used apps do not appear in Start. - + The following list shows the supported values: @@ -859,7 +859,7 @@ The following list shows the supported values: **Start/HideHibernate** - + @@ -881,8 +881,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -890,8 +890,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button. To validate on Laptop, do the following: @@ -902,7 +902,7 @@ To validate on Laptop, do the following: > [!NOTE] > This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's. - + The following list shows the supported values: @@ -917,7 +917,7 @@ The following list shows the supported values: **Start/HideLock** - + @@ -939,8 +939,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -948,8 +948,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile. To validate on Desktop, do the following: @@ -957,7 +957,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Lock" is not available. - + The following list shows the supported values: @@ -972,7 +972,7 @@ The following list shows the supported values: **Start/HidePeopleBar** - + @@ -994,8 +994,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1003,13 +1003,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. Value type is integer. - +
    @@ -1017,7 +1017,7 @@ Value type is integer. **Start/HidePowerButton** - + @@ -1039,8 +1039,8 @@ Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1048,8 +1048,8 @@ Value type is integer.
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1060,7 +1060,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, and verify the power button is not available. - + The following list shows the supported values: @@ -1075,7 +1075,7 @@ The following list shows the supported values: **Start/HideRecentJumplists** - + @@ -1097,8 +1097,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1106,8 +1106,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1125,7 +1125,7 @@ To validate on Desktop, do the following: 8. Repeat Step 2. 9. Right Click pinned photos app and verify that there is no jumplist of recent items. - + The following list shows the supported values: @@ -1140,7 +1140,7 @@ The following list shows the supported values: **Start/HideRecentlyAddedApps** - + @@ -1162,8 +1162,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1171,8 +1171,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1187,7 +1187,7 @@ To validate on Desktop, do the following: 5. Check that "Show recently added apps" Settings toggle is grayed out. 6. Check that recently added apps do not appear in Start. - + The following list shows the supported values: @@ -1202,7 +1202,7 @@ The following list shows the supported values: **Start/HideRestart** - + @@ -1224,8 +1224,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1233,8 +1233,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button. To validate on Desktop, do the following: @@ -1242,7 +1242,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available. - + The following list shows the supported values: @@ -1257,7 +1257,7 @@ The following list shows the supported values: **Start/HideShutDown** - + @@ -1279,8 +1279,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1288,8 +1288,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button. To validate on Desktop, do the following: @@ -1297,7 +1297,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available. - + The following list shows the supported values: @@ -1312,7 +1312,7 @@ The following list shows the supported values: **Start/HideSignOut** - + @@ -1334,8 +1334,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1343,8 +1343,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile. To validate on Desktop, do the following: @@ -1352,7 +1352,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify "Sign out" is not available. - + The following list shows the supported values: @@ -1367,7 +1367,7 @@ The following list shows the supported values: **Start/HideSleep** - + @@ -1389,8 +1389,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1398,8 +1398,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button. To validate on Desktop, do the following: @@ -1407,7 +1407,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the Power button, and verify that "Sleep" is not available. - + The following list shows the supported values: @@ -1422,7 +1422,7 @@ The following list shows the supported values: **Start/HideSwitchAccount** - + @@ -1444,8 +1444,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1453,8 +1453,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile. To validate on Desktop, do the following: @@ -1462,7 +1462,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Open Start, click on the user tile, and verify that "Switch account" is not available. - + The following list shows the supported values: @@ -1477,7 +1477,7 @@ The following list shows the supported values: **Start/HideUserTile** - + @@ -1499,8 +1499,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1508,8 +1508,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1521,7 +1521,7 @@ To validate on Desktop, do the following: 2. Log off. 3. Log in, and verify that the user tile is gone from Start. - + The following list shows the supported values: @@ -1536,7 +1536,7 @@ The following list shows the supported values: **Start/ImportEdgeAssets** - + @@ -1558,8 +1558,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1567,8 +1567,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy requires reboot to take effect. @@ -1586,7 +1586,7 @@ To validate on Desktop, do the following: 3. Sign out/in. 4. Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path. - +
    @@ -1594,7 +1594,7 @@ To validate on Desktop, do the following: **Start/NoPinningToTaskbar** - + @@ -1616,8 +1616,8 @@ To validate on Desktop, do the following:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1625,8 +1625,8 @@ To validate on Desktop, do the following:
    - - + + Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar. To validate on Desktop, do the following: @@ -1637,7 +1637,7 @@ To validate on Desktop, do the following: 4. Open Start and right click on one of the app list icons. 5. Verify that More->Pin to taskbar menu does not show. - + The following list shows the supported values: @@ -1652,7 +1652,7 @@ The following list shows the supported values: **Start/StartLayout** - + @@ -1674,8 +1674,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1684,8 +1684,8 @@ The following list shows the supported values:
    - - + + > [!IMPORTANT] > Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis. For more information, see [Policy scope](./policy-configuration-service-provider.md#policy-scope) @@ -1693,7 +1693,7 @@ Allows you to override the default Start layout and prevents the user from chang For further details on how to customize the Start layout, please see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout) and [Configure Windows 10 taskbar](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-10-taskbar). - +
    diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index a14fd22cb2..f7c55ff050 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **Storage/AllowDiskHealthModelUpdates** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,8 +64,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. Allows disk health model updates. @@ -76,7 +76,7 @@ The following list shows the supported values: Value type is integer. - +
    @@ -84,7 +84,7 @@ Value type is integer. **Storage/EnhancedStorageDevices** - + @@ -106,8 +106,8 @@ Value type is integer.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -115,15 +115,15 @@ Value type is integer.
    - - + + This policy setting configures whether or not Windows will activate an Enhanced Storage device. If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices. If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -131,14 +131,14 @@ If you disable or do not configure this policy setting, Windows will activate un > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not allow Windows to activate Enhanced Storage devices* - GP name: *TCGSecurityActivationDisabled* - GP path: *System/Enhanced Storage Access* - GP ADMX file name: *enhancedstorage.admx* - +
    diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index e9d50d3359..eb2ff5cb90 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -74,7 +74,7 @@ ms.date: 01/29/2018 **System/AllowBuildPreview** - + @@ -96,8 +96,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -105,8 +105,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise. @@ -121,7 +121,7 @@ The following list shows the supported values: - 1 – Allowed. Users can make their devices available for downloading and installing preview software. - 2 (default) – Not configured. Users can make their devices available for downloading and installing preview software. - +
    @@ -129,7 +129,7 @@ The following list shows the supported values: **System/AllowEmbeddedMode** - + @@ -151,8 +151,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -160,13 +160,13 @@ The following list shows the supported values:
    - - + + Specifies whether set general purpose device to be in embedded mode. Most restricted value is 0. - + The following list shows the supported values: @@ -181,7 +181,7 @@ The following list shows the supported values: **System/AllowExperimentation** - + @@ -203,8 +203,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -212,8 +212,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > This policy is not supported in Windows 10, version 1607. @@ -227,7 +227,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -235,7 +235,7 @@ Most restricted value is 0. **System/AllowFontProviders** - + @@ -257,8 +257,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -266,8 +266,8 @@ Most restricted value is 0.
    - - + + Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). @@ -277,7 +277,7 @@ This setting is used by lower-level components for text display and fond handlin > [!Note] > Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service. - + The following list shows the supported values: @@ -298,7 +298,7 @@ To verify if System/AllowFontProviders is set to true: **System/AllowLocation** - + @@ -320,8 +320,8 @@ To verify if System/AllowFontProviders is set to true:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -329,8 +329,8 @@ To verify if System/AllowFontProviders is set to true:
    - - + + Specifies whether to allow app access to the Location service. The following list shows the supported values: @@ -347,7 +347,7 @@ When switching the policy back from 0 (Force Location Off) or 2 (Force Location For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off. - +
    @@ -355,7 +355,7 @@ For example, an app's original Location setting is Off. The administrator then s **System/AllowStorageCard** - + @@ -377,8 +377,8 @@ For example, an app's original Location setting is Off. The administrator then s
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -386,13 +386,13 @@ For example, an app's original Location setting is Off. The administrator then s
    - - + + Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. Most restricted value is 0. - + The following list shows the supported values: @@ -407,7 +407,7 @@ The following list shows the supported values: **System/AllowTelemetry** - + @@ -429,8 +429,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -439,8 +439,8 @@ The following list shows the supported values:
    - - + + Allow the device to send diagnostic and usage telemetry data, such as Watson. The following tables describe the supported values: @@ -518,7 +518,7 @@ Windows 10 Values: Most restricted value is 0. - +
    @@ -526,7 +526,7 @@ Most restricted value is 0. **System/AllowUserToResetPhone** - + @@ -548,8 +548,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -557,13 +557,13 @@ Most restricted value is 0.
    - - + + Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination. Most restricted value is 0. - + The following list shows the supported values: orted values: @@ -579,7 +579,7 @@ orted values: **System/BootStartDriverInitialization** - + @@ -601,8 +601,8 @@ orted values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -610,11 +610,11 @@ orted values:
    - - + + N/A - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -622,12 +622,12 @@ N/A > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP name: *POL_DriverLoadPolicy_Name* - GP ADMX file name: *earlylauncham.admx* - +
    @@ -635,7 +635,7 @@ ADMX Info: **System/DisableEnterpriseAuthProxy** - + @@ -657,8 +657,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -666,11 +666,11 @@ ADMX Info:
    - - + + This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy. - +
    @@ -678,7 +678,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f **System/DisableOneDriveFileSync** - + @@ -700,8 +700,8 @@ This policy setting blocks the Connected User Experience and Telemetry service f
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -709,8 +709,8 @@ This policy setting blocks the Connected User Experience and Telemetry service f
    - - + + Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting: * Users cannot access OneDrive from the OneDrive app or file picker. @@ -727,7 +727,7 @@ To validate on Desktop, do the following: 2. Restart machine. 3. Verify that OneDrive.exe is not running in Task Manager. - + The following list shows the supported values: @@ -742,7 +742,7 @@ The following list shows the supported values: **System/DisableSystemRestore** - + @@ -764,8 +764,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -773,8 +773,8 @@ The following list shows the supported values:
    - - + + Allows you to disable System Restore. This policy setting allows you to turn off System Restore. @@ -787,7 +787,7 @@ If you disable or do not configure this policy setting, users can perform System Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -795,14 +795,14 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off System Restore* - GP name: *SR_DisableSR* - GP path: *System/System Restore* - GP ADMX file name: *systemrestore.admx* - +
    @@ -810,7 +810,7 @@ ADMX Info: **System/FeedbackHubAlwaysSaveDiagnosticsLocally** - + @@ -832,8 +832,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -841,11 +841,11 @@ ADMX Info:
    - - + + Added in Windows 10, next major update. When filing feedback in the Feedback Hub, diagnostic logs are collected for certain types of feedback. We now offer the option for users to save it locally, in addition to sending it to Microsoft. This policy will allow enterprises to mandate that all diagnostics are saved locally for use in internal investigations. - + The following list shows the supported values: @@ -860,7 +860,7 @@ The following list shows the supported values: **System/LimitEnhancedDiagnosticDataWindowsAnalytics** - + @@ -882,8 +882,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -891,8 +891,8 @@ The following list shows the supported values:
    - - + + This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. @@ -908,7 +908,7 @@ Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combina If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. - +
    @@ -916,7 +916,7 @@ If you disable or do not configure this policy setting, then the level of diagno **System/TelemetryProxy** - + @@ -938,8 +938,8 @@ If you disable or do not configure this policy setting, then the level of diagno
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -947,13 +947,13 @@ If you disable or do not configure this policy setting, then the level of diagno
    - - + + Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *<server>:<port>*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device. If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration. - +
    diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index cdee24bf7c..121c82b0ca 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -47,7 +47,7 @@ ms.date: 01/29/2018 **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** - + @@ -69,8 +69,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -78,11 +78,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -90,7 +90,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** - + @@ -112,8 +112,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -121,11 +121,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -133,7 +133,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** - + @@ -155,8 +155,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -164,11 +164,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -176,7 +176,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** - + @@ -198,8 +198,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -207,11 +207,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -219,7 +219,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** - + @@ -241,8 +241,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -250,11 +250,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    @@ -262,7 +262,7 @@ Added in Windows 10, next major update. This setting determines whether the serv **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** - + @@ -284,8 +284,8 @@ Added in Windows 10, next major update. This setting determines whether the serv
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -293,11 +293,11 @@ Added in Windows 10, next major update. This setting determines whether the serv
    - - + + Added in Windows 10, next major update. This setting determines whether the service's start type is Automaic(2), Manual(3), Disabled(4). Default: Manual. - +
    diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 71e1d6c905..9f01af6518 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -32,7 +32,7 @@ ms.date: 01/29/2018 **TaskScheduler/EnableXboxGameSaveTask** - + @@ -54,8 +54,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -63,11 +63,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, next major update. This setting determines whether the specific task is enabled (1) or disabled (0). Default: Enabled. - +
    diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index d345d4add2..c9ef2af75d 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -71,7 +71,7 @@ ms.date: 01/29/2018 **TextInput/AllowIMELogging** - + @@ -93,8 +93,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -102,8 +102,8 @@ ms.date: 01/29/2018
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -112,7 +112,7 @@ Allows the user to turn on and off the logging for incorrect conversion and savi Most restricted value is 0. - + The following list shows the supported values: @@ -127,7 +127,7 @@ The following list shows the supported values: **TextInput/AllowIMENetworkAccess** - + @@ -149,8 +149,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -158,8 +158,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -168,7 +168,7 @@ Allows the user to turn on Open Extended Dictionary, Internet search integration Most restricted value is 0. - + The following list shows the supported values: @@ -183,7 +183,7 @@ The following list shows the supported values: **TextInput/AllowInputPanel** - + @@ -205,8 +205,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -214,8 +214,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -224,7 +224,7 @@ Allows the IT admin to disable the touch/handwriting keyboard on Windows. Most restricted value is 0. - + The following list shows the supported values: @@ -239,7 +239,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseIMESurrogatePairCharacters** - + @@ -261,8 +261,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -270,8 +270,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -285,7 +285,7 @@ The following list shows the supported values: Most restricted value is 0. - +
    @@ -293,7 +293,7 @@ Most restricted value is 0. **TextInput/AllowJapaneseIVSCharacters** - + @@ -315,8 +315,8 @@ Most restricted value is 0.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -324,8 +324,8 @@ Most restricted value is 0.
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -334,7 +334,7 @@ Allows Japanese Ideographic Variation Sequence (IVS) characters. Most restricted value is 0. - + The following list shows the supported values: @@ -349,7 +349,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseNonPublishingStandardGlyph** - + @@ -371,8 +371,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -380,8 +380,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -390,7 +390,7 @@ Allows the Japanese non-publishing standard glyph. Most restricted value is 0. - + The following list shows the supported values: @@ -405,7 +405,7 @@ The following list shows the supported values: **TextInput/AllowJapaneseUserDictionary** - + @@ -427,8 +427,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -436,8 +436,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -446,7 +446,7 @@ Allows the Japanese user dictionary. Most restricted value is 0. - + The following list shows the supported values: @@ -461,7 +461,7 @@ The following list shows the supported values: **TextInput/AllowKeyboardTextSuggestions** - + @@ -483,8 +483,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -492,8 +492,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -507,7 +507,7 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f 2. Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app. 3. Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool. - + The following list shows the supported values: @@ -522,10 +522,10 @@ The following list shows the supported values: **TextInput/AllowKoreanExtendedHanja** - + This policy has been deprecated. - +
    @@ -533,7 +533,7 @@ This policy has been deprecated. **TextInput/AllowLanguageFeaturesUninstall** - + @@ -555,8 +555,8 @@ This policy has been deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -564,8 +564,8 @@ This policy has been deprecated.
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -574,7 +574,7 @@ Allows the uninstall of language features, such as spell checkers, on a device. Most restricted value is 0. - + The following list shows the supported values: @@ -589,7 +589,7 @@ The following list shows the supported values: **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** - + @@ -611,8 +611,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -620,8 +620,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. This policy allows the IT admin to enable the touch keyboard to automatically show up when the device is in the desktop mode. The touch keyboard is enabled in both the tablet and desktop mode. In the tablet mode, when you touch a textbox, the touch keyboard automatically shows up. @@ -630,7 +630,7 @@ When this policy is enabled, the touch keyboard automatically shows up when the This policy corresponds to "Show the touch keyboard when not in tablet mode and there's no keyboard attached" in the Settings app. - + The following list shows the supported values: @@ -645,7 +645,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208** - + @@ -667,8 +667,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -676,8 +676,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -689,7 +689,7 @@ The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 are filtered. - +
    @@ -697,7 +697,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** - + @@ -719,8 +719,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -728,8 +728,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -741,7 +741,7 @@ The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except JIS0208 and EUDC are filtered. - +
    @@ -749,7 +749,7 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptShiftJIS** - + @@ -771,8 +771,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -780,8 +780,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > The policy is only enforced in Windows 10 for desktop. @@ -793,7 +793,7 @@ The following list shows the supported values: - 0 (default) – No characters are filtered. - 1 – All characters except ShiftJIS are filtered. - +
    diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index fedf2c5380..ae92f571db 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -30,7 +30,7 @@ ms.date: 01/29/2018 **TimeLanguageSettings/AllowSet24HourClock** - + @@ -52,8 +52,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -61,11 +61,11 @@ ms.date: 01/29/2018
    - - + + Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 66e08b3185..2b7ed79caf 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -173,7 +173,7 @@ ms.date: 01/29/2018 **Update/ActiveHoursEnd** - + @@ -195,8 +195,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -204,8 +204,8 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. > [!NOTE] @@ -215,7 +215,7 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default is 17 (5 PM). - +
    @@ -223,7 +223,7 @@ The default is 17 (5 PM). **Update/ActiveHoursMaxRange** - + @@ -245,8 +245,8 @@ The default is 17 (5 PM).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -254,15 +254,15 @@ The default is 17 (5 PM).
    - - + + Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. Supported values are 8-18. The default value is 18 (hours). - +
    @@ -270,7 +270,7 @@ The default value is 18 (hours). **Update/ActiveHoursStart** - + @@ -292,8 +292,8 @@ The default value is 18 (hours).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -301,8 +301,8 @@ The default value is 18 (hours).
    - - + + Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. > [!NOTE] @@ -312,7 +312,7 @@ Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. The default value is 8 (8 AM). - +
    @@ -320,7 +320,7 @@ The default value is 8 (8 AM). **Update/AllowAutoUpdate** - + @@ -342,8 +342,8 @@ The default value is 8 (8 AM).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -351,8 +351,8 @@ The default value is 8 (8 AM).
    - - + + Enables the IT admin to manage automatic update behavior to scan, download, and install updates. Supported operations are Get and Replace. @@ -372,7 +372,7 @@ The following list shows the supported values: If the policy is not configured, end-users get the default behavior (Auto install and restart). - +
    @@ -380,7 +380,7 @@ If the policy is not configured, end-users get the default behavior (Auto instal **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** - + @@ -402,8 +402,8 @@ If the policy is not configured, end-users get the default behavior (Auto instal
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -411,15 +411,15 @@ If the policy is not configured, end-users get the default behavior (Auto instal
    - - + + Added in Windows 10, version 1709. Option to download updates automatically over metered connections (off by default). Value type is integer. A significant number of devices primarily use cellular data and do not have Wi-Fi access, which leads to a lower number of devices getting updates. Since a large number of devices have large data plans or unlimited data, this policy can unblock devices from getting updates. This policy is accessible through the Update setting in the user interface or Group Policy. - + The following list shows the supported values: @@ -434,7 +434,7 @@ The following list shows the supported values: **Update/AllowMUUpdateService** - + @@ -456,8 +456,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -465,8 +465,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. The following list shows the supported values: @@ -474,7 +474,7 @@ The following list shows the supported values: - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. - +
    @@ -482,7 +482,7 @@ The following list shows the supported values: **Update/AllowNonMicrosoftSignedUpdate** - + @@ -504,8 +504,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -513,15 +513,15 @@ The following list shows the supported values:
    - - + + Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. Supported operations are Get and Replace. This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. - + The following list shows the supported values: @@ -536,7 +536,7 @@ The following list shows the supported values: **Update/AllowUpdateService** - + @@ -558,8 +558,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -567,8 +567,8 @@ The following list shows the supported values:
    - - + + Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft Store @@ -578,7 +578,7 @@ Enabling this policy will disable that functionality, and may cause connection t > [!NOTE] > This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy. - + The following list shows the supported values: @@ -593,7 +593,7 @@ The following list shows the supported values: **Update/AutoRestartDeadlinePeriodInDays** - + @@ -615,8 +615,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -624,15 +624,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. Supported values are 2-30 days. The default value is 7 days. - +
    @@ -640,7 +640,7 @@ The default value is 7 days. **Update/AutoRestartNotificationSchedule** - + @@ -662,8 +662,8 @@ The default value is 7 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -671,13 +671,13 @@ The default value is 7 days.
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. The default value is 15 (minutes). - + Supported values are 15, 30, 60, 120, and 240 (minutes). @@ -689,7 +689,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). **Update/AutoRestartRequiredNotificationDismissal** - + @@ -711,8 +711,8 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -720,8 +720,8 @@ Supported values are 15, 30, 60, 120, and 240 (minutes).
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. The following list shows the supported values: @@ -729,7 +729,7 @@ The following list shows the supported values: - 1 (default) – Auto Dismissal. - 2 – User Dismissal. - +
    @@ -737,7 +737,7 @@ The following list shows the supported values: **Update/BranchReadinessLevel** - + @@ -759,8 +759,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -768,11 +768,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. - + The following list shows the supported values: @@ -790,7 +790,7 @@ The following list shows the supported values: **Update/ConfigureFeatureUpdateUninstallPeriod** - + @@ -812,11 +812,11 @@ The following list shows the supported values:
    Home
    - - + + Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. - +
    @@ -824,7 +824,7 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up **Update/DeferFeatureUpdatesPeriodInDays** - + @@ -846,8 +846,8 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -855,8 +855,8 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up
    - - + + Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. @@ -866,7 +866,7 @@ Supported values are 0-365 days. > [!IMPORTANT] > The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703. - +
    @@ -874,7 +874,7 @@ Supported values are 0-365 days. **Update/DeferQualityUpdatesPeriodInDays** - + @@ -896,8 +896,8 @@ Supported values are 0-365 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -905,13 +905,13 @@ Supported values are 0-365 days.
    - - + + Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. Supported values are 0-30. - +
    @@ -919,7 +919,7 @@ Supported values are 0-30. **Update/DeferUpdatePeriod** - + @@ -941,8 +941,8 @@ Supported values are 0-30.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -950,8 +950,8 @@ Supported values are 0-30.
    - - + + > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. @@ -1047,7 +1047,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego --> - +
    @@ -1055,7 +1055,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/DeferUpgradePeriod** - + @@ -1077,8 +1077,8 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1086,8 +1086,8 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
    - - + + > [!NOTE] > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. > @@ -1102,7 +1102,7 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - +
    @@ -1110,7 +1110,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th **Update/DetectionFrequency** - + @@ -1132,8 +1132,8 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1141,11 +1141,11 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    - - + + Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours. - +
    @@ -1153,7 +1153,7 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2 **Update/DisableDualScan** - + @@ -1175,8 +1175,8 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1184,8 +1184,8 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2
    - - + + Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. For more information about dual scan, see [Demystifying "Dual Scan"](https://blogs.technet.microsoft.com/wsus/2017/05/05/demystifying-dual-scan/) and [Improving Dual Scan on 1607](https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/). @@ -1194,7 +1194,7 @@ This is the same as the Group Policy in Windows Components > Window Update "Do n Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -1209,7 +1209,7 @@ The following list shows the supported values: **Update/EngagedRestartDeadline** - + @@ -1231,8 +1231,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1240,15 +1240,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling). Supported values are 2-30 days. The default value is 0 days (not specified). - +
    @@ -1256,7 +1256,7 @@ The default value is 0 days (not specified). **Update/EngagedRestartSnoozeSchedule** - + @@ -1278,8 +1278,8 @@ The default value is 0 days (not specified).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1287,15 +1287,15 @@ The default value is 0 days (not specified).
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications. Supported values are 1-3 days. The default value is 3 days. - +
    @@ -1303,7 +1303,7 @@ The default value is 3 days. **Update/EngagedRestartTransitionSchedule** - + @@ -1325,8 +1325,8 @@ The default value is 3 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1334,15 +1334,15 @@ The default value is 3 days.
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. Supported values are 2-30 days. The default value is 7 days. - +
    @@ -1350,7 +1350,7 @@ The default value is 7 days. **Update/ExcludeWUDriversInQualityUpdate** - + @@ -1372,8 +1372,8 @@ The default value is 7 days.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1381,8 +1381,8 @@ The default value is 7 days.
    - - + + > [!NOTE] > Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -1393,7 +1393,7 @@ The following list shows the supported values: - 0 (default) – Allow Windows Update drivers. - 1 – Exclude Windows Update drivers. - +
    @@ -1401,7 +1401,7 @@ The following list shows the supported values: **Update/FillEmptyContentUrls** - + @@ -1423,8 +1423,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1432,8 +1432,8 @@ The following list shows the supported values:
    - - + + Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata. This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the alternate download URL). > [!NOTE] @@ -1444,7 +1444,7 @@ The following list shows the supported values: - 0 (default) – Disabled. - 1 – Enabled. - +
    @@ -1452,7 +1452,7 @@ The following list shows the supported values: **Update/IgnoreMOAppDownloadLimit** - + @@ -1474,8 +1474,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1483,14 +1483,14 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] > Setting this policy might cause devices to incur costs from MO operators. - + The following list shows the supported values: @@ -1517,7 +1517,7 @@ To validate this policy: **Update/IgnoreMOUpdateDownloadLimit** - + @@ -1539,8 +1539,8 @@ To validate this policy:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1548,8 +1548,8 @@ To validate this policy:
    - - + + Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. > [!WARNING] @@ -1564,7 +1564,7 @@ To validate this policy: 3. Verify that any downloads that are above the download size limit will complete without being paused. - + The following list shows the supported values: @@ -1579,7 +1579,7 @@ The following list shows the supported values: **Update/ManagePreviewBuilds** - + @@ -1601,8 +1601,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1610,8 +1610,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer. The following list shows the supported values: @@ -1620,7 +1620,7 @@ The following list shows the supported values: - 1 - Disable Preview builds once the next release is public - 2 - Enable Preview builds - +
    @@ -1628,7 +1628,7 @@ The following list shows the supported values: **Update/PauseDeferrals** - + @@ -1650,8 +1650,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1659,8 +1659,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices. @@ -1676,7 +1676,7 @@ If the "Specify intranet Microsoft update service location" policy is enabled, t If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. - +
    @@ -1684,7 +1684,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th **Update/PauseFeatureUpdates** - + @@ -1706,8 +1706,8 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1715,8 +1715,8 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th
    - - + + Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect. @@ -1727,7 +1727,7 @@ The following list shows the supported values: - 0 (default) – Feature Updates are not paused. - 1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner. - +
    @@ -1735,7 +1735,7 @@ The following list shows the supported values: **Update/PauseFeatureUpdatesStartTime** - + @@ -1757,8 +1757,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1766,13 +1766,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates. Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
    @@ -1780,7 +1780,7 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. **Update/PauseQualityUpdates** - + @@ -1802,8 +1802,8 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1811,8 +1811,8 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace.
    - - + + Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates. The following list shows the supported values: @@ -1820,7 +1820,7 @@ The following list shows the supported values: - 0 (default) – Quality Updates are not paused. - 1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner. - +
    @@ -1828,7 +1828,7 @@ The following list shows the supported values: **Update/PauseQualityUpdatesStartTime** - + @@ -1850,8 +1850,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1859,13 +1859,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates. Value type is string. Supported operations are Add, Get, Delete, and Replace. - +
    @@ -1873,10 +1873,10 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. **Update/PhoneUpdateRestrictions** - + This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead. - +
    @@ -1884,7 +1884,7 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/RequireDeferUpgrade** - + @@ -1906,8 +1906,8 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1915,8 +1915,8 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
    - - + + > [!NOTE] > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices. @@ -1928,7 +1928,7 @@ The following list shows the supported values: - 0 (default) – User gets upgrades from Semi-Annual Channel (Targeted). - 1 – User gets upgrades from Semi-Annual Channel. - +
    @@ -1936,7 +1936,7 @@ The following list shows the supported values: **Update/RequireUpdateApproval** - + @@ -1958,8 +1958,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1967,8 +1967,8 @@ The following list shows the supported values:
    - - + + > [!NOTE] > If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead. @@ -1982,7 +1982,7 @@ The following list shows the supported values: - 0 – Not configured. The device installs all applicable updates. - 1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment. - +
    @@ -1990,7 +1990,7 @@ The following list shows the supported values: **Update/ScheduleImminentRestartWarning** - + @@ -2012,8 +2012,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2021,13 +2021,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications. The default value is 15 (minutes). - + Supported values are 15, 30, or 60 (minutes). @@ -2039,7 +2039,7 @@ Supported values are 15, 30, or 60 (minutes). **Update/ScheduleRestartWarning** - + @@ -2061,8 +2061,8 @@ Supported values are 15, 30, or 60 (minutes).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2070,8 +2070,8 @@ Supported values are 15, 30, or 60 (minutes).
    - - + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -2080,7 +2080,7 @@ Added in Windows 10, version 1703. Allows the IT Admin to specify the period fo The default value is 4 (hours). - + Supported values are 2, 4, 8, 12, or 24 (hours). @@ -2092,7 +2092,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). **Update/ScheduledInstallDay** - + @@ -2114,8 +2114,8 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2123,8 +2123,8 @@ Supported values are 2, 4, 8, 12, or 24 (hours).
    - - + + Enables the IT admin to schedule the day of the update installation. The data type is a integer. @@ -2142,7 +2142,7 @@ The following list shows the supported values: - 6 – Friday - 7 – Saturday - +
    @@ -2150,7 +2150,7 @@ The following list shows the supported values: **Update/ScheduledInstallEveryWeek** - + @@ -2172,8 +2172,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2181,15 +2181,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every week
    - +
    @@ -2197,7 +2197,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallFirstWeek** - + @@ -2219,8 +2219,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2228,15 +2228,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every first week of the month
    - +
    @@ -2244,7 +2244,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallFourthWeek** - + @@ -2266,8 +2266,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2275,15 +2275,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every fourth week of the month
    - +
    @@ -2291,7 +2291,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallSecondWeek** - + @@ -2313,8 +2313,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2322,15 +2322,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every second week of the month
    - +
    @@ -2338,7 +2338,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallThirdWeek** - + @@ -2360,8 +2360,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2369,15 +2369,15 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
    • 0 - no update in the schedule
    • 1 - update is scheduled every third week of the month
    - +
    @@ -2385,7 +2385,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i **Update/ScheduledInstallTime** - + @@ -2407,8 +2407,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2416,8 +2416,8 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i
    - - + + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -2432,7 +2432,7 @@ Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. - +
    @@ -2440,7 +2440,7 @@ The default value is 3. **Update/SetAutoRestartNotificationDisable** - + @@ -2462,8 +2462,8 @@ The default value is 3.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2471,8 +2471,8 @@ The default value is 3.
    - - + + Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations. The following list shows the supported values: @@ -2480,7 +2480,7 @@ The following list shows the supported values: - 0 (default) – Enabled - 1 – Disabled - +
    @@ -2488,7 +2488,7 @@ The following list shows the supported values: **Update/SetEDURestart** - + @@ -2510,8 +2510,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2519,8 +2519,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. For devices in a cart, this policy skips all restart checks to ensure that the reboot will happen at ScheduledInstallTime. The following list shows the supported values: @@ -2528,7 +2528,7 @@ The following list shows the supported values: - 0 - not configured - 1 - configured - +
    @@ -2536,7 +2536,7 @@ The following list shows the supported values: **Update/UpdateServiceUrl** - + @@ -2558,8 +2558,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2567,8 +2567,8 @@ The following list shows the supported values:
    - - + + > [!Important] > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. @@ -2599,7 +2599,7 @@ Example ``` - +
    @@ -2607,7 +2607,7 @@ Example **Update/UpdateServiceUrlAlternate** - + @@ -2629,8 +2629,8 @@ Example
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -2638,8 +2638,8 @@ Example
    - - + + Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network. @@ -2653,7 +2653,7 @@ Value type is string and the default value is an empty string, "". If the settin > If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates. > This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs. - +
    diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 7ebe88f286..6e21e25c40 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -116,7 +116,7 @@ ms.date: 01/29/2018 **UserRights/AccessCredentialManagerAsTrustedCaller** - + @@ -138,8 +138,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -147,11 +147,11 @@ ms.date: 01/29/2018
    - - + + This user right is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this privilege is given to other entities. - +
    @@ -159,7 +159,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts **UserRights/AccessFromNetwork** - + @@ -181,8 +181,8 @@ This user right is used by Credential Manager during Backup/Restore. No accounts
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -190,11 +190,11 @@ This user right is used by Credential Manager during Backup/Restore. No accounts
    - - + + This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right.Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. - +
    @@ -202,7 +202,7 @@ This user right determines which users and groups are allowed to connect to the **UserRights/ActAsPartOfTheOperatingSystem** - + @@ -224,8 +224,8 @@ This user right determines which users and groups are allowed to connect to the
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -233,11 +233,11 @@ This user right determines which users and groups are allowed to connect to the
    - - + + This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
    @@ -245,7 +245,7 @@ This user right allows a process to impersonate any user without authentication. **UserRights/AllowLocalLogOn** - + @@ -267,8 +267,8 @@ This user right allows a process to impersonate any user without authentication.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -276,11 +276,11 @@ This user right allows a process to impersonate any user without authentication.
    - - + + This user right determines which users can log on to the computer. Note: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (https://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft website. - +
    @@ -288,7 +288,7 @@ This user right determines which users can log on to the computer. Note: Modifyi **UserRights/BackupFilesAndDirectories** - + @@ -310,8 +310,8 @@ This user right determines which users can log on to the computer. Note: Modifyi
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -319,11 +319,11 @@ This user right determines which users can log on to the computer. Note: Modifyi
    - - + + This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories.Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Read. Caution: Assigning this user right can be a security risk. Since users with this user right can read any registry settings and files, only assign this user right to trusted users - +
    @@ -331,7 +331,7 @@ This user right determines which users can bypass file, directory, registry, and **UserRights/ChangeSystemTime** - + @@ -353,8 +353,8 @@ This user right determines which users can bypass file, directory, registry, and
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -362,11 +362,11 @@ This user right determines which users can bypass file, directory, registry, and
    - - + + This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. - +
    @@ -374,7 +374,7 @@ This user right determines which users and groups can change the time and date o **UserRights/CreateGlobalObjects** - + @@ -396,8 +396,8 @@ This user right determines which users and groups can change the time and date o
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -405,11 +405,11 @@ This user right determines which users and groups can change the time and date o
    - - + + This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Caution: Assigning this user right can be a security risk. Assign this user right only to trusted users. - +
    @@ -417,7 +417,7 @@ This security setting determines whether users can create global objects that ar **UserRights/CreatePageFile** - + @@ -439,8 +439,8 @@ This security setting determines whether users can create global objects that ar
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -448,11 +448,11 @@ This security setting determines whether users can create global objects that ar
    - - + + This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users - +
    @@ -460,7 +460,7 @@ This user right determines which users and groups can call an internal applicati **UserRights/CreatePermanentSharedObjects** - + @@ -482,8 +482,8 @@ This user right determines which users and groups can call an internal applicati
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -491,11 +491,11 @@ This user right determines which users and groups can call an internal applicati
    - - + + This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. - +
    @@ -503,7 +503,7 @@ This user right determines which accounts can be used by processes to create a d **UserRights/CreateSymbolicLinks** - + @@ -525,8 +525,8 @@ This user right determines which accounts can be used by processes to create a d
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -534,11 +534,11 @@ This user right determines which accounts can be used by processes to create a d
    - - + + This user right determines if the user can create a symbolic link from the computer he is logged on to. Caution: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note: This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. - +
    @@ -546,7 +546,7 @@ This user right determines if the user can create a symbolic link from the compu **UserRights/CreateToken** - + @@ -568,8 +568,8 @@ This user right determines if the user can create a symbolic link from the compu
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -577,11 +577,11 @@ This user right determines if the user can create a symbolic link from the compu
    - - + + This user right determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
    @@ -589,7 +589,7 @@ This user right determines which accounts can be used by processes to create a t **UserRights/DebugPrograms** - + @@ -611,8 +611,8 @@ This user right determines which accounts can be used by processes to create a t
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -620,11 +620,11 @@ This user right determines which accounts can be used by processes to create a t
    - - + + This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user right provides complete access to sensitive and critical operating system components. Caution:Assigning this user right can be a security risk. Only assign this user right to trusted users. - +
    @@ -632,7 +632,7 @@ This user right determines which users can attach a debugger to any process or t **UserRights/DenyAccessFromNetwork** - + @@ -654,8 +654,8 @@ This user right determines which users can attach a debugger to any process or t
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -663,11 +663,11 @@ This user right determines which users can attach a debugger to any process or t
    - - + + This user right determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. - +
    @@ -675,7 +675,7 @@ This user right determines which users are prevented from accessing a computer o **UserRights/DenyLocalLogOn** - + @@ -697,8 +697,8 @@ This user right determines which users are prevented from accessing a computer o
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -706,11 +706,11 @@ This user right determines which users are prevented from accessing a computer o
    - - + + This security setting determines which service accounts are prevented from registering a process as a service. Note: This security setting does not apply to the System, Local Service, or Network Service accounts. - +
    @@ -718,7 +718,7 @@ This security setting determines which service accounts are prevented from regis **UserRights/DenyRemoteDesktopServicesLogOn** - + @@ -740,8 +740,8 @@ This security setting determines which service accounts are prevented from regis
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -749,11 +749,11 @@ This security setting determines which service accounts are prevented from regis
    - - + + This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. - +
    @@ -761,7 +761,7 @@ This user right determines which users and groups are prohibited from logging on **UserRights/EnableDelegation** - + @@ -783,8 +783,8 @@ This user right determines which users and groups are prohibited from logging on
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -792,11 +792,11 @@ This user right determines which users and groups are prohibited from logging on
    - - + + This user right determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using delegated credentials of a client, as long as the client account does not have the Account cannot be delegated account control flag set. Caution: Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that impersonate incoming clients and use their credentials to gain access to network resources. - +
    @@ -804,7 +804,7 @@ This user right determines which users can set the Trusted for Delegation settin **UserRights/GenerateSecurityAudits** - + @@ -826,8 +826,8 @@ This user right determines which users can set the Trusted for Delegation settin
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -835,11 +835,11 @@ This user right determines which users can set the Trusted for Delegation settin
    - - + + This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service. Shut down system immediately if unable to log security audits security policy setting is enabled. - +
    @@ -847,7 +847,7 @@ This user right determines which accounts can be used by a process to add entrie **UserRights/ImpersonateClient** - + @@ -869,8 +869,8 @@ This user right determines which accounts can be used by a process to add entrie
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -878,15 +878,15 @@ This user right determines which accounts can be used by a process to add entrie
    - - + + Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist. 1) The access token that is being impersonated is for this user. 2) The user, in this logon session, created the access token by logging on to the network with explicit credentials. 3) The requested level is less than Impersonate, such as Anonymous or Identify. Because of these factors, users do not usually need this user right. Warning: If you enable this setting, programs that previously had the Impersonate privilege may lose it, and they may not run. - +
    @@ -894,7 +894,7 @@ Because of these factors, users do not usually need this user right. Warning: If **UserRights/IncreaseSchedulingPriority** - + @@ -916,8 +916,8 @@ Because of these factors, users do not usually need this user right. Warning: If
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -925,11 +925,11 @@ Because of these factors, users do not usually need this user right. Warning: If
    - - + + This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. - +
    @@ -937,7 +937,7 @@ This user right determines which accounts can use a process with Write Property **UserRights/LoadUnloadDeviceDrivers** - + @@ -959,8 +959,8 @@ This user right determines which accounts can use a process with Write Property
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -968,11 +968,11 @@ This user right determines which accounts can use a process with Write Property
    - - + + This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution: Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. - +
    @@ -980,7 +980,7 @@ This user right determines which users can dynamically load and unload device dr **UserRights/LockMemory** - + @@ -1002,8 +1002,8 @@ This user right determines which users can dynamically load and unload device dr
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1011,11 +1011,11 @@ This user right determines which users can dynamically load and unload device dr
    - - + + This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). - +
    @@ -1023,7 +1023,7 @@ This user right determines which accounts can use a process to keep data in phys **UserRights/ManageAuditingAndSecurityLog** - + @@ -1045,8 +1045,8 @@ This user right determines which accounts can use a process to keep data in phys
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1054,11 +1054,11 @@ This user right determines which accounts can use a process to keep data in phys
    - - + + This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. You can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log. - +
    @@ -1066,7 +1066,7 @@ This user right determines which users can specify object access auditing option **UserRights/ManageVolume** - + @@ -1088,8 +1088,8 @@ This user right determines which users can specify object access auditing option
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1097,11 +1097,11 @@ This user right determines which users can specify object access auditing option
    - - + + This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are opened, the user might be able to read and modify the acquired data. - +
    @@ -1109,7 +1109,7 @@ This user right determines which users and groups can run maintenance tasks on a **UserRights/ModifyFirmwareEnvironment** - + @@ -1131,8 +1131,8 @@ This user right determines which users and groups can run maintenance tasks on a
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1140,11 +1140,11 @@ This user right determines which users and groups can run maintenance tasks on a
    - - + + This user right determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the Last Known Good Configuration setting, which should only be modified by the system. On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run bootcfg.exe and to change the Default Operating System setting on Startup and Recovery in System Properties. On all computers, this user right is required to install or upgrade Windows.Note: This security setting does not affect who can modify the system environment variables and user environment variables that are displayed on the Advanced tab of System Properties. - +
    @@ -1152,7 +1152,7 @@ This user right determines who can modify firmware environment values. Firmware **UserRights/ModifyObjectLabel** - + @@ -1174,8 +1174,8 @@ This user right determines who can modify firmware environment values. Firmware
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1183,11 +1183,11 @@ This user right determines who can modify firmware environment values. Firmware
    - - + + This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. - +
    @@ -1195,7 +1195,7 @@ This user right determines which user accounts can modify the integrity label of **UserRights/ProfileSingleProcess** - + @@ -1217,8 +1217,8 @@ This user right determines which user accounts can modify the integrity label of
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1226,11 +1226,11 @@ This user right determines which user accounts can modify the integrity label of
    - - + + This user right determines which users can use performance monitoring tools to monitor the performance of system processes. - +
    @@ -1238,7 +1238,7 @@ This user right determines which users can use performance monitoring tools to m **UserRights/RemoteShutdown** - + @@ -1260,8 +1260,8 @@ This user right determines which users can use performance monitoring tools to m
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1269,11 +1269,11 @@ This user right determines which users can use performance monitoring tools to m
    - - + + This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. - +
    @@ -1281,7 +1281,7 @@ This user right determines which users are allowed to shut down a computer from **UserRights/RestoreFilesAndDirectories** - + @@ -1303,8 +1303,8 @@ This user right determines which users are allowed to shut down a computer from
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1312,11 +1312,11 @@ This user right determines which users are allowed to shut down a computer from
    - - + + This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:Traverse Folder/Execute File, Write. Caution: Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users. - +
    @@ -1324,7 +1324,7 @@ This user right determines which users can bypass file, directory, registry, and **UserRights/TakeOwnership** - + @@ -1346,8 +1346,8 @@ This user right determines which users can bypass file, directory, registry, and
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1355,11 +1355,11 @@ This user right determines which users can bypass file, directory, registry, and
    - - + + This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution: Assigning this user right can be a security risk. Since owners of objects have full control of them, only assign this user right to trusted users. - +
    diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 7416d833f4..75609b7de1 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -48,10 +48,10 @@ ms.date: 01/29/2018 **WiFi/AllowWiFiHotSpotReporting** - + This policy has been deprecated. - +
    @@ -59,7 +59,7 @@ This policy has been deprecated. **Wifi/AllowAutoConnectToWiFiSenseHotspots** - + @@ -81,8 +81,8 @@ This policy has been deprecated.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -90,13 +90,13 @@ This policy has been deprecated.
    - - + + Allow or disallow the device to automatically connect to Wi-Fi hotspots. Most restricted value is 0. - + The following list shows the supported values: @@ -111,7 +111,7 @@ The following list shows the supported values: **Wifi/AllowInternetSharing** - + @@ -133,8 +133,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -142,13 +142,13 @@ The following list shows the supported values:
    - - + + Allow or disallow internet sharing. Most restricted value is 0. - + The following list shows the supported values: @@ -163,7 +163,7 @@ The following list shows the supported values: **Wifi/AllowManualWiFiConfiguration** - + @@ -185,8 +185,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -194,8 +194,8 @@ The following list shows the supported values:
    - - + + Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. Most restricted value is 0. @@ -203,7 +203,7 @@ Most restricted value is 0. > [!NOTE] > Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that are not user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted. - + The following list shows the supported values: @@ -218,7 +218,7 @@ The following list shows the supported values: **Wifi/AllowWiFi** - + @@ -240,8 +240,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -249,13 +249,13 @@ The following list shows the supported values:
    - - + + Allow or disallow WiFi connection. Most restricted value is 0. - + The following list shows the supported values: @@ -270,7 +270,7 @@ The following list shows the supported values: **Wifi/AllowWiFiDirect** - + @@ -292,8 +292,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -301,11 +301,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Allow WiFi Direct connection.. - + The following list shows the supported values: @@ -320,7 +320,7 @@ The following list shows the supported values: **Wifi/WLANScanMode** - + @@ -342,8 +342,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -351,8 +351,8 @@ The following list shows the supported values:
    - - + + Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. Supported values are 0-500, where 100 = normal scan frequency and 500 = low scan frequency. @@ -361,7 +361,7 @@ The default value is 0. Supported operations are Add, Delete, Get, and Replace. - +
    diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 4c421859f2..084f29982c 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -86,7 +86,7 @@ ms.date: 01/29/2018 **WindowsDefenderSecurityCenter/CompanyName** - + @@ -108,8 +108,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -117,13 +117,13 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options. Value type is string. Supported operations are Add, Get, Replace and Delete. - +
    @@ -131,7 +131,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** - + @@ -153,8 +153,8 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -162,8 +162,8 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    - - + + Added in Windows 10, next major release. Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Valid values: @@ -171,7 +171,7 @@ Valid values: - 0 - (Disable) The users can see the display of the Account protection area in Windows Defender Security Center. - 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center. - +
    @@ -179,7 +179,7 @@ Valid values: **WindowsDefenderSecurityCenter/DisableAppBrowserUI** - + @@ -201,8 +201,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -210,13 +210,13 @@ Valid values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -231,7 +231,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** - + @@ -253,8 +253,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -262,8 +262,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major release. Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Valid values: @@ -271,7 +271,7 @@ Valid values: - 0 - (Disable) The users can see the display of the Device security area in Windows Defender Security Center. - 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center. - +
    @@ -279,7 +279,7 @@ Valid values: **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** - + @@ -301,8 +301,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -310,8 +310,8 @@ Valid values:
    - - + + Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users. > [!Note] @@ -319,7 +319,7 @@ Added in Windows 10, version 1709. Use this policy if you want Windows Defender Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -334,7 +334,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableFamilyUI** - + @@ -356,8 +356,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -365,13 +365,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -386,7 +386,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableHealthUI** - + @@ -408,8 +408,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -417,13 +417,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -438,7 +438,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNetworkUI** - + @@ -460,8 +460,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -469,13 +469,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -490,7 +490,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNotifications** - + @@ -512,8 +512,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -521,13 +521,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -542,7 +542,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableVirusUI** - + @@ -564,8 +564,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -573,13 +573,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -594,7 +594,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** - + @@ -616,8 +616,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -625,13 +625,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area. Value type is integer. Supported operations are Add, Get, Replace and Delete. - + The following list shows the supported values: @@ -646,7 +646,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/Email** - + @@ -668,8 +668,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -677,13 +677,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. Value type is string. Supported operations are Add, Get, Replace and Delete. - +
    @@ -691,7 +691,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. **WindowsDefenderSecurityCenter/EnableCustomizedToasts** - + @@ -713,8 +713,8 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -722,13 +722,13 @@ Value type is string. Supported operations are Add, Get, Replace and Delete.
    - - + + Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -743,7 +743,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/EnableInAppCustomization** - + @@ -765,8 +765,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -774,13 +774,13 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification. Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + The following list shows the supported values: @@ -795,7 +795,7 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** - + @@ -817,8 +817,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -826,8 +826,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, next major update. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. Valid values: @@ -835,7 +835,7 @@ Valid values: - 0 - (Disable or not configured) The Ransomware data recovery area will be visible. - 1 - (Enable) The Ransomware data recovery area is hidden. - +
    @@ -843,7 +843,7 @@ Valid values: **WindowsDefenderSecurityCenter/HideSecureBoot** - + @@ -865,8 +865,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -874,8 +874,8 @@ Valid values:
    - - + + Added in Windows 10, next major update. Use this policy to hide the Secure boot area in the Windows Defender Security Center. Valid values: @@ -883,7 +883,7 @@ Valid values: - 0 - (Disable or not configured) The Secure boot area is displayed. - 1 - (Enable) The Secure boot area is hidden. - +
    @@ -891,7 +891,7 @@ Valid values: **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** - + @@ -913,8 +913,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -922,8 +922,8 @@ Valid values:
    - - + + Added in Windows 10, next major update. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center. Valid values: @@ -931,7 +931,7 @@ Valid values: - 0 - (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed. - 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden. - +
    @@ -939,7 +939,7 @@ Valid values: **WindowsDefenderSecurityCenter/Phone** - + @@ -961,8 +961,8 @@ Valid values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -970,13 +970,13 @@ Valid values:
    - - + + Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    @@ -984,7 +984,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. **WindowsDefenderSecurityCenter/URL** - + @@ -1006,8 +1006,8 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -1015,13 +1015,13 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
    - - + + Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options. Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. - +
    diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 1ddb435ce8..11511b33b1 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -33,7 +33,7 @@ ms.date: 01/29/2018 **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** - + @@ -55,8 +55,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -64,11 +64,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace. - + The following list shows the supported values: @@ -83,7 +83,7 @@ The following list shows the supported values: **WindowsInkWorkspace/AllowWindowsInkWorkspace** - + @@ -105,8 +105,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -114,8 +114,8 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace. Value type is int. The following list shows the supported values: @@ -124,7 +124,7 @@ Value type is int. The following list shows the supported values: - 1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen. - 2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen. - +
    diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 62e9c0003c..685f5e228e 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -36,7 +36,7 @@ ms.date: 01/29/2018 **WindowsLogon/DisableLockScreenAppNotifications** - + @@ -58,8 +58,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -67,15 +67,15 @@ ms.date: 01/29/2018
    - - + + This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -83,14 +83,14 @@ If you disable or do not configure this policy setting, users can choose which a > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Turn off app notifications on the lock screen* - GP name: *DisableLockScreenAppNotifications* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* - +
    @@ -98,7 +98,7 @@ ADMX Info: **WindowsLogon/DontDisplayNetworkSelectionUI** - + @@ -120,8 +120,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -129,15 +129,15 @@ ADMX Info:
    - - + + This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows. If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows. - + > [!TIP] > This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). @@ -145,14 +145,14 @@ If you disable or don't configure this policy setting, any user can disconnect t > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - + ADMX Info: - GP English name: *Do not display network selection UI* - GP name: *DontDisplayNetworkSelectionUI* - GP path: *System/Logon* - GP ADMX file name: *logon.admx* - +
    @@ -160,7 +160,7 @@ ADMX Info: **WindowsLogon/HideFastUserSwitching** - + @@ -182,8 +182,8 @@ ADMX Info:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -191,8 +191,8 @@ ADMX Info:
    - - + + Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations. To validate on Desktop, do the following: @@ -200,7 +200,7 @@ To validate on Desktop, do the following: 1. Enable policy. 2. Verify that the Switch account button in Start is hidden. - + The following list shows the supported values: diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 4e120a73e2..0ef62935e1 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -51,7 +51,7 @@ ms.date: 01/29/2018 **WirelessDisplay/AllowMdnsAdvertisement** - + @@ -73,8 +73,8 @@ ms.date: 01/29/2018
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -82,11 +82,11 @@ ms.date: 01/29/2018
    - - + + Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement. - + The following list shows the supported values: @@ -101,7 +101,7 @@ The following list shows the supported values: **WirelessDisplay/AllowMdnsDiscovery** - + @@ -123,8 +123,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -132,11 +132,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery. - + The following list shows the supported values: @@ -151,7 +151,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPC** - + @@ -173,8 +173,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -182,11 +182,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC. - + The following list shows the supported values: @@ -201,7 +201,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** - + @@ -223,8 +223,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -232,11 +232,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure. - + The following list shows the supported values: @@ -251,7 +251,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPC** - + @@ -273,8 +273,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -282,15 +282,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC. If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. Value type is integer. - + The following list shows the supported values: @@ -305,7 +305,7 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPCOverInfrastructure** - + @@ -327,8 +327,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -336,11 +336,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure. - + The following list shows the supported values: @@ -355,7 +355,7 @@ The following list shows the supported values: **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** - + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -363,11 +363,11 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1703. Setting this policy controls whether or not the wireless display can send input—keyboard, mouse, pen, and touch input if the display supports it—back to the source device. - + The following list shows the supported values: @@ -382,7 +382,7 @@ The following list shows the supported values: **WirelessDisplay/RequirePinForPairing** - + @@ -404,8 +404,8 @@ The following list shows the supported values:
    Home
    - - + + [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] @@ -413,15 +413,15 @@ The following list shows the supported values:
    - - + + Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing. If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** > **System** > **Projecting to this PC**. Value type is integer. - + The following list shows the supported values: From 33595c56f8f3a328c730dca8b38b405116fefde1 Mon Sep 17 00:00:00 2001 From: Tara Meyer Date: Mon, 29 Jan 2018 21:10:08 +0000 Subject: [PATCH 6/8] Initialize open publishing repository: https://cpubwin.visualstudio.com/DefaultCollection/it-client/_git/it-client of branch master --- .openpublishing.publish.config.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 75b0bd92c0..7754fdf882 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -125,6 +125,7 @@ "build_output_subfolder": "microsoft-365", "locale": "en-us", "monikers": [], + "moniker_ranges": [], "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", @@ -483,7 +484,8 @@ "branches_to_filter": [ "" ], - "git_repository_url_open_to_public_contributors": "https://cpubwin.visualstudio.com/_git/it-client", + "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", + "git_repository_branch_open_to_public_contributors": "master", "skip_source_output_uploading": false, "need_preview_pull_request": true, "resolve_user_profile_using_github": true, From ce9fbfa8a437e6a2a34f44f2eefb9e6bf56c7b52 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 29 Jan 2018 13:57:16 -0800 Subject: [PATCH 7/8] updating repo url --- .openpublishing.publish.config.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 7754fdf882..430506237d 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -484,8 +484,7 @@ "branches_to_filter": [ "" ], - "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs", - "git_repository_branch_open_to_public_contributors": "master", + "git_repository_url_open_to_public_contributors": "https://cpubwin.visualstudio.com/_git/it-client", "skip_source_output_uploading": false, "need_preview_pull_request": true, "resolve_user_profile_using_github": true, From 7c9a90989a3e8c4413e5d4a6fc58c597eae5df96 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Mon, 29 Jan 2018 23:15:06 +0000 Subject: [PATCH 8/8] Merged PR 5559: fixing typo in SupportedSKUs end tag --- .../mdm/policy-csp-abovelock.md | 6 +- ...csp-accountpoliciesaccountlockoutpolicy.md | 6 +- .../mdm/policy-csp-accounts.md | 8 +- .../mdm/policy-csp-activexcontrols.md | 2 +- .../mdm/policy-csp-applicationdefaults.md | 2 +- .../mdm/policy-csp-applicationmanagement.md | 22 +- .../mdm/policy-csp-appvirtualization.md | 56 +- .../mdm/policy-csp-attachmentmanager.md | 6 +- .../mdm/policy-csp-authentication.md | 10 +- .../mdm/policy-csp-autoplay.md | 6 +- .../mdm/policy-csp-bitlocker.md | 2 +- .../mdm/policy-csp-bluetooth.md | 10 +- .../mdm/policy-csp-browser.md | 76 +-- .../mdm/policy-csp-camera.md | 2 +- .../mdm/policy-csp-cellular.md | 10 +- .../mdm/policy-csp-connectivity.md | 28 +- .../mdm/policy-csp-controlpolicyconflict.md | 2 +- .../mdm/policy-csp-credentialproviders.md | 6 +- .../mdm/policy-csp-credentialsui.md | 4 +- .../mdm/policy-csp-cryptography.md | 4 +- .../mdm/policy-csp-dataprotection.md | 4 +- .../mdm/policy-csp-datausage.md | 4 +- .../mdm/policy-csp-defender.md | 70 +-- .../mdm/policy-csp-deliveryoptimization.md | 46 +- .../mdm/policy-csp-desktop.md | 2 +- .../mdm/policy-csp-deviceguard.md | 6 +- .../mdm/policy-csp-deviceinstallation.md | 4 +- .../mdm/policy-csp-devicelock.md | 34 +- .../mdm/policy-csp-display.md | 4 +- .../mdm/policy-csp-education.md | 6 +- .../mdm/policy-csp-enterprisecloudprint.md | 12 +- .../mdm/policy-csp-errorreporting.md | 10 +- .../mdm/policy-csp-eventlogservice.md | 8 +- .../mdm/policy-csp-experience.md | 38 +- .../mdm/policy-csp-exploitguard.md | 2 +- .../client-management/mdm/policy-csp-games.md | 2 +- .../mdm/policy-csp-handwriting.md | 2 +- .../mdm/policy-csp-internetexplorer.md | 486 +++++++++--------- .../mdm/policy-csp-kerberos.md | 10 +- .../mdm/policy-csp-kioskbrowser.md | 12 +- .../mdm/policy-csp-licensing.md | 4 +- ...policy-csp-localpoliciessecurityoptions.md | 110 ++-- .../mdm/policy-csp-location.md | 2 +- .../mdm/policy-csp-lockdown.md | 2 +- .../client-management/mdm/policy-csp-maps.md | 4 +- .../mdm/policy-csp-messaging.md | 6 +- .../mdm/policy-csp-networkisolation.md | 16 +- .../mdm/policy-csp-notifications.md | 2 +- .../client-management/mdm/policy-csp-power.md | 18 +- .../mdm/policy-csp-printers.md | 6 +- .../mdm/policy-csp-privacy.md | 154 +++--- .../mdm/policy-csp-remoteassistance.md | 8 +- .../mdm/policy-csp-remotedesktopservices.md | 12 +- .../mdm/policy-csp-remotemanagement.md | 30 +- .../mdm/policy-csp-remoteprocedurecall.md | 4 +- .../mdm/policy-csp-remoteshell.md | 14 +- .../mdm/policy-csp-search.md | 26 +- .../mdm/policy-csp-security.md | 22 +- .../mdm/policy-csp-settings.md | 28 +- .../mdm/policy-csp-smartscreen.md | 6 +- .../mdm/policy-csp-speech.md | 2 +- .../client-management/mdm/policy-csp-start.md | 58 +-- .../mdm/policy-csp-storage.md | 4 +- .../mdm/policy-csp-system.md | 30 +- .../mdm/policy-csp-systemservices.md | 12 +- .../mdm/policy-csp-taskscheduler.md | 2 +- .../mdm/policy-csp-textinput.md | 26 +- .../mdm/policy-csp-timelanguagesettings.md | 2 +- .../mdm/policy-csp-update.md | 94 ++-- .../mdm/policy-csp-userrights.md | 58 +-- .../client-management/mdm/policy-csp-wifi.md | 12 +- ...olicy-csp-windowsdefendersecuritycenter.md | 38 +- .../mdm/policy-csp-windowsinkworkspace.md | 4 +- .../mdm/policy-csp-windowslogon.md | 6 +- .../mdm/policy-csp-wirelessdisplay.md | 14 +- 75 files changed, 933 insertions(+), 933 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 8a9ab9e4cd..09bab6143a 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -113,7 +113,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -163,7 +163,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md index fef93c8458..e74c715473 100644 --- a/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md +++ b/windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md @@ -60,7 +60,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -107,7 +107,7 @@ Default: None, because this policy setting only has meaning when an Account lock - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -154,7 +154,7 @@ Default: 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 8bfbafa470..14b5d262f0 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -61,7 +61,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -116,7 +116,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -168,7 +168,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -218,7 +218,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index c8facbef8f..6b16327ccb 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index a2454f2ffd..9016bca75e 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 024a22b95c..a28201a263 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -82,7 +82,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -135,7 +135,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -185,7 +185,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -238,7 +238,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -293,7 +293,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -345,7 +345,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -397,7 +397,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -462,7 +462,7 @@ Value evaluation rule - The information for PolicyManager is opaque. There is no - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -512,7 +512,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -562,7 +562,7 @@ Most restricted value is 1. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -614,7 +614,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index b30da5cc6a..f1bfd67657 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -133,7 +133,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -191,7 +191,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -249,7 +249,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -307,7 +307,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -365,7 +365,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -423,7 +423,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -491,7 +491,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -549,7 +549,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -607,7 +607,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -665,7 +665,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -723,7 +723,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -781,7 +781,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -839,7 +839,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -915,7 +915,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -991,7 +991,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1067,7 +1067,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1143,7 +1143,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1219,7 +1219,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1277,7 +1277,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1335,7 +1335,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1393,7 +1393,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1451,7 +1451,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1509,7 +1509,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1567,7 +1567,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1625,7 +1625,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1683,7 +1683,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1741,7 +1741,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1799,7 +1799,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 257d3f313a..b23d0fec1c 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -122,7 +122,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -186,7 +186,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index d030e6f423..6755d07861 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -114,7 +114,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -164,7 +164,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -216,7 +216,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -270,7 +270,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 0c38facc2f..1691a0fce0 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -121,7 +121,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -193,7 +193,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index ab5e371656..35eb61f9df 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 4cc182b25a..dc992781e7 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -118,7 +118,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -172,7 +172,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -222,7 +222,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -269,7 +269,7 @@ If this policy is not set or it is deleted, the default local radio name is used - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index cb2b6f9db3..07b993c521 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -165,7 +165,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -221,7 +221,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -281,7 +281,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -340,7 +340,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -398,7 +398,7 @@ To verify AllowCookies is set to 0 (not allowed): - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -455,7 +455,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -515,7 +515,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -566,7 +566,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -617,7 +617,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -668,7 +668,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -721,7 +721,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -777,7 +777,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -837,7 +837,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -897,7 +897,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -952,7 +952,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1005,7 +1005,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1065,7 +1065,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1116,7 +1116,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1175,7 +1175,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1234,7 +1234,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1293,7 +1293,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1346,7 +1346,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1399,7 +1399,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1444,7 +1444,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1496,7 +1496,7 @@ The default value is an empty string. Otherwise, the string should contain the U - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1550,7 +1550,7 @@ Starting in Windows 10, version 1703, if you don’t want to send traffic to Mi - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1610,7 +1610,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1661,7 +1661,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1714,7 +1714,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1767,7 +1767,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1820,7 +1820,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1871,7 +1871,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1926,7 +1926,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1983,7 +1983,7 @@ Data type is string. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2040,7 +2040,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2098,7 +2098,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2155,7 +2155,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2219,7 +2219,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index d92acc51af..fc227b1f17 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 8fd91336fe..db8f20499e 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -127,7 +127,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -170,7 +170,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -213,7 +213,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -256,7 +256,7 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 537f8beffa..c4e91457b4 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -91,7 +91,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -149,7 +149,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -200,7 +200,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -263,7 +263,7 @@ To validate on mobile devices, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -316,7 +316,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -372,7 +372,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -430,7 +430,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -482,7 +482,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -534,7 +534,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -591,7 +591,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -648,7 +648,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -705,7 +705,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -750,7 +750,7 @@ Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -810,7 +810,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 2adc69c9bb..421980c7b1 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -54,7 +54,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index 7b5579ff02..20a5e4fc8d 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -124,7 +124,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -188,7 +188,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index f8e1d19c97..29395b9209 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -122,7 +122,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 4908b2af8e..e35c21d6ee 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -103,7 +103,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index c1a23ddc73..0a497016a1 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -107,7 +107,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index da3f7e483a..736ad17532 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -123,7 +123,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index f8ca333a92..1324fc9bf1 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -154,7 +154,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -206,7 +206,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -258,7 +258,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -310,7 +310,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -362,7 +362,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -414,7 +414,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -466,7 +466,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -518,7 +518,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -570,7 +570,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -622,7 +622,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -674,7 +674,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -726,7 +726,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -778,7 +778,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -830,7 +830,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -879,7 +879,7 @@ Value type is string. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -930,7 +930,7 @@ Value type is string. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -981,7 +981,7 @@ The default value is 50. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1044,7 +1044,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1097,7 +1097,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1143,7 +1143,7 @@ Added in Windows 10, version 1709. This policy setting allows user-specified app - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1189,7 +1189,7 @@ Added in Windows 10, version 1709. This policy settings allows adding user-speci - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1240,7 +1240,7 @@ The default value is 0, which keeps items in quarantine, and does not automatica - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1294,7 +1294,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1354,7 +1354,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1401,7 +1401,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1448,7 +1448,7 @@ Allows an administrator to specify a list of directory paths to ignore during a - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1501,7 +1501,7 @@ Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\E - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1554,7 +1554,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1611,7 +1611,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1663,7 +1663,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1720,7 +1720,7 @@ The default value is 120 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1783,7 +1783,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1840,7 +1840,7 @@ The default value is 120. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1893,7 +1893,7 @@ The default value is 8. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1947,7 +1947,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 44763626f4..066c6de874 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -123,7 +123,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -172,7 +172,7 @@ The default value is 10. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -226,7 +226,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -271,7 +271,7 @@ After the max delay is reached, the download will resume using HTTP, either down - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -328,7 +328,7 @@ The following list shows the supported values as number of seconds: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -386,7 +386,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -436,7 +436,7 @@ This Policy specifies an arbitrary group ID that the device belongs to. Use this - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -496,7 +496,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -545,7 +545,7 @@ The default value is 259200 seconds (3 days). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -594,7 +594,7 @@ The default value is 20. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -643,7 +643,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -692,7 +692,7 @@ The default value is 0, which permits unlimited possible bandwidth (optimized fo - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -741,7 +741,7 @@ The default value is 500. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -789,7 +789,7 @@ The default value is 0. The value 0 (zero) means "not limited" and the cloud ser - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -841,7 +841,7 @@ The default value is 32 GB. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -890,7 +890,7 @@ The default value is 100 MB. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -939,7 +939,7 @@ The default value is 4 GB. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -988,7 +988,7 @@ By default, %SystemDrive% is used to store the cache. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1039,7 +1039,7 @@ The default value is 20. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1095,7 +1095,7 @@ This policy is deprecated. Use [DOPercentageMaxForeDownloadBandwidth](#deliveryo - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1140,7 +1140,7 @@ Note that downloads from LAN peers will not be throttled even when this policy i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1192,7 +1192,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1245,7 +1245,7 @@ This policy allows an IT Admin to define the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index fbbf63681d..009265655e 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index decc360200..d2cc249634 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -108,7 +108,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -159,7 +159,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 212324e984..d104e70a92 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -117,7 +117,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 8b22ded5b4..97297f2da1 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -102,7 +102,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -159,7 +159,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -218,7 +218,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -272,7 +272,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -332,7 +332,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -420,7 +420,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -476,7 +476,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -534,7 +534,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -583,7 +583,7 @@ Value type is a string, which is the full image filepath and filename. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -632,7 +632,7 @@ Value type is a string, which is the AppID. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -695,7 +695,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -749,7 +749,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -801,7 +801,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -915,7 +915,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -974,7 +974,7 @@ For additional information about this policy, see [Exchange ActiveSync Policy En - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1021,7 +1021,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1083,7 +1083,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 3921cace6c..395598e623 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -111,7 +111,7 @@ To validate on Desktop, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 6889a52380..70e051604f 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -103,7 +103,7 @@ The policy value is expected to be the name (network host name) of an installed - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -153,7 +153,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 38c3886970..635152c9cc 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -67,7 +67,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -114,7 +114,7 @@ The default value is an empty string. Otherwise, the value should contain the UR - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -161,7 +161,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -208,7 +208,7 @@ The default value is an empty string. Otherwise, the value should contain a URL. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -255,7 +255,7 @@ The default value is an empty string. Otherwise, the value should contain the UR - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -302,7 +302,7 @@ For Windows Mobile, the default value is 20. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 4f957acf78..8b4deb16d5 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -136,7 +136,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -198,7 +198,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -264,7 +264,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -326,7 +326,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index 961555b8fe..b531654651 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -61,7 +61,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -125,7 +125,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -187,7 +187,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -249,7 +249,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 1ee67cf404..08a7c01d46 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -114,7 +114,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -169,7 +169,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -221,7 +221,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -275,7 +275,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -329,7 +329,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -385,7 +385,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -450,7 +450,7 @@ This policy is deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -517,7 +517,7 @@ This policy is deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -567,7 +567,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -626,7 +626,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -680,7 +680,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -734,7 +734,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -790,7 +790,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -846,7 +846,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -902,7 +902,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -957,7 +957,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1013,7 +1013,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1063,7 +1063,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1116,7 +1116,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md index ba0ff86d79..421c1c41e8 100644 --- a/windows/client-management/mdm/policy-csp-exploitguard.md +++ b/windows/client-management/mdm/policy-csp-exploitguard.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 51f293f7b8..233f091ce6 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md index 15016063fb..ac276081cf 100644 --- a/windows/client-management/mdm/policy-csp-handwriting.md +++ b/windows/client-management/mdm/policy-csp-handwriting.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 2b29a32684..ba26acd4fc 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -778,7 +778,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -841,7 +841,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -904,7 +904,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -973,7 +973,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1030,7 +1030,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1088,7 +1088,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1146,7 +1146,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1211,7 +1211,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1274,7 +1274,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1337,7 +1337,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1394,7 +1394,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1457,7 +1457,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1522,7 +1522,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1591,7 +1591,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1660,7 +1660,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1729,7 +1729,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1798,7 +1798,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1867,7 +1867,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1936,7 +1936,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2005,7 +2005,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2068,7 +2068,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2137,7 +2137,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2195,7 +2195,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2260,7 +2260,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2329,7 +2329,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2398,7 +2398,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2467,7 +2467,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2525,7 +2525,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2583,7 +2583,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2641,7 +2641,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2706,7 +2706,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2769,7 +2769,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2832,7 +2832,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2890,7 +2890,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2948,7 +2948,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3013,7 +3013,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3071,7 +3071,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3134,7 +3134,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3199,7 +3199,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3266,7 +3266,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3333,7 +3333,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3395,7 +3395,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3453,7 +3453,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3511,7 +3511,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3569,7 +3569,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3632,7 +3632,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3695,7 +3695,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3760,7 +3760,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3818,7 +3818,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3882,7 +3882,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3940,7 +3940,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4008,7 +4008,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4076,7 +4076,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4141,7 +4141,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4210,7 +4210,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4275,7 +4275,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4340,7 +4340,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4405,7 +4405,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4470,7 +4470,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4533,7 +4533,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4591,7 +4591,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4649,7 +4649,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4714,7 +4714,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4779,7 +4779,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4837,7 +4837,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4902,7 +4902,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -4960,7 +4960,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5018,7 +5018,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5076,7 +5076,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5134,7 +5134,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5199,7 +5199,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5266,7 +5266,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5324,7 +5324,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5389,7 +5389,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5447,7 +5447,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5505,7 +5505,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5563,7 +5563,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5621,7 +5621,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5679,7 +5679,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5737,7 +5737,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5795,7 +5795,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5853,7 +5853,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5911,7 +5911,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -5978,7 +5978,7 @@ ADMX Info: - + @@ -6011,7 +6011,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6069,7 +6069,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6127,7 +6127,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6185,7 +6185,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6250,7 +6250,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6308,7 +6308,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6366,7 +6366,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6424,7 +6424,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6489,7 +6489,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6554,7 +6554,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6617,7 +6617,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6682,7 +6682,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6747,7 +6747,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6812,7 +6812,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6877,7 +6877,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -6944,7 +6944,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7009,7 +7009,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7067,7 +7067,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7134,7 +7134,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7192,7 +7192,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7257,7 +7257,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7322,7 +7322,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7387,7 +7387,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7450,7 +7450,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7515,7 +7515,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7580,7 +7580,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7645,7 +7645,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7710,7 +7710,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7777,7 +7777,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7842,7 +7842,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7900,7 +7900,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -7967,7 +7967,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8025,7 +8025,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8090,7 +8090,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8155,7 +8155,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8220,7 +8220,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8283,7 +8283,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8348,7 +8348,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8413,7 +8413,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8478,7 +8478,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8543,7 +8543,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8610,7 +8610,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8675,7 +8675,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8742,7 +8742,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8800,7 +8800,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8865,7 +8865,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8930,7 +8930,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -8995,7 +8995,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9058,7 +9058,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9123,7 +9123,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9188,7 +9188,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9253,7 +9253,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9318,7 +9318,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9385,7 +9385,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9450,7 +9450,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9517,7 +9517,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9582,7 +9582,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9647,7 +9647,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9712,7 +9712,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9775,7 +9775,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9840,7 +9840,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9905,7 +9905,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -9970,7 +9970,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10035,7 +10035,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10102,7 +10102,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10167,7 +10167,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10234,7 +10234,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10292,7 +10292,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10357,7 +10357,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10422,7 +10422,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10487,7 +10487,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10550,7 +10550,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10615,7 +10615,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10680,7 +10680,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10745,7 +10745,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10810,7 +10810,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10877,7 +10877,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -10942,7 +10942,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11009,7 +11009,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11067,7 +11067,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11132,7 +11132,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11197,7 +11197,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11262,7 +11262,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11325,7 +11325,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11390,7 +11390,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11455,7 +11455,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11520,7 +11520,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11585,7 +11585,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11652,7 +11652,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11717,7 +11717,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11784,7 +11784,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11842,7 +11842,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11907,7 +11907,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -11965,7 +11965,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12023,7 +12023,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12081,7 +12081,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12139,7 +12139,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12197,7 +12197,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12255,7 +12255,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12313,7 +12313,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12371,7 +12371,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12429,7 +12429,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12494,7 +12494,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12552,7 +12552,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12617,7 +12617,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12680,7 +12680,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12738,7 +12738,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12796,7 +12796,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12854,7 +12854,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12912,7 +12912,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -12977,7 +12977,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13042,7 +13042,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13100,7 +13100,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13158,7 +13158,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13223,7 +13223,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13281,7 +13281,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13339,7 +13339,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13397,7 +13397,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13455,7 +13455,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13520,7 +13520,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13587,7 +13587,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13645,7 +13645,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13710,7 +13710,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13768,7 +13768,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13826,7 +13826,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13884,7 +13884,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -13942,7 +13942,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14000,7 +14000,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14058,7 +14058,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14116,7 +14116,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14174,7 +14174,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14241,7 +14241,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14299,7 +14299,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14357,7 +14357,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14415,7 +14415,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14480,7 +14480,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14538,7 +14538,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14596,7 +14596,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14654,7 +14654,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14712,7 +14712,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14770,7 +14770,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14828,7 +14828,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14886,7 +14886,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -14944,7 +14944,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15007,7 +15007,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15064,7 +15064,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15122,7 +15122,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15187,7 +15187,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15252,7 +15252,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15315,7 +15315,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15380,7 +15380,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15445,7 +15445,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15510,7 +15510,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15575,7 +15575,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15642,7 +15642,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15707,7 +15707,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15765,7 +15765,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15832,7 +15832,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -15890,7 +15890,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 66c8d28294..7a2e9f901b 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -64,7 +64,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -126,7 +126,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -187,7 +187,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -253,7 +253,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -315,7 +315,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index eba4551112..769c55b3dd 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -69,7 +69,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -113,7 +113,7 @@ Added in Windows 10, next major update. List of exceptions to the blocked websit - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -157,7 +157,7 @@ Added in Windows 10, next major update. List of blocked website URLs (with wildc - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -201,7 +201,7 @@ Added in Windows 10, next major update. Configures the default URL kiosk browser - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -245,7 +245,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's home butt - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -289,7 +289,7 @@ Added in Windows 10, next major update. Enable/disable kiosk browser's navigatio - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 8cd5d7c7a9..28751d2800 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -105,7 +105,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 79fc96e412..d142ceb56a 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -216,7 +216,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -274,7 +274,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -329,7 +329,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -381,7 +381,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -441,7 +441,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -490,7 +490,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -539,7 +539,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -589,7 +589,7 @@ Disabling this policy may tempt users to try and physically remove the laptop fr - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -639,7 +639,7 @@ Default: This policy is not defined and only Administrators have this ability. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -691,7 +691,7 @@ This setting does not affect the ability to add a local printer. This setting do - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -740,7 +740,7 @@ Default: This policy is not defined and CD-ROM access is not restricted to the l - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -800,7 +800,7 @@ Logon information transmitted over the secure channel is always encrypted regard - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -857,7 +857,7 @@ Note: Domain controllers are also domain members and establish secure channels w - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -908,7 +908,7 @@ Default: Enabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -960,7 +960,7 @@ This setting should not be used in an attempt to support dual-boot scenarios tha - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1011,7 +1011,7 @@ This setting applies to Windows 2000 computers, but it is not available through - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1073,7 +1073,7 @@ In order to take advantage of this policy on domain controllers, all domain cont - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1123,7 +1123,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1178,7 +1178,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1234,7 +1234,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1291,7 +1291,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1343,7 +1343,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1394,7 +1394,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1443,7 +1443,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1507,7 +1507,7 @@ On Windows Vista and above: For this setting to work, the Smart Card Removal Pol - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1572,7 +1572,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1634,7 +1634,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1683,7 +1683,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1734,7 +1734,7 @@ Default:This policy is not defined, which means that the system treats it as 15 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1808,7 +1808,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1874,7 +1874,7 @@ For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1933,7 +1933,7 @@ This policy has no impact on domain controllers. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1982,7 +1982,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2033,7 +2033,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2082,7 +2082,7 @@ Default: Enabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2131,7 +2131,7 @@ This policy is supported on at least Windows Server 2016. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2188,7 +2188,7 @@ Note: Windows Vista or Windows Server 2008 do not expose this setting in Group P - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2239,7 +2239,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2293,7 +2293,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2362,7 +2362,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2416,7 +2416,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2470,7 +2470,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption - + Recovery console: Allow automatic administrative logon @@ -2513,7 +2513,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2570,7 +2570,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2621,7 +2621,7 @@ Default: Disabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2670,7 +2670,7 @@ Default: Enabled. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2726,7 +2726,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2787,7 +2787,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2841,7 +2841,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2892,7 +2892,7 @@ Disabled: Application installation packages are not detected and prompted for el - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2943,7 +2943,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3000,7 +3000,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3052,7 +3052,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3103,7 +3103,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3154,7 +3154,7 @@ The options are: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index 533c3d2f12..f5a62a9471 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index d42f28adb1..38165bb182 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 178bc58f12..d4c5ac8af2 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -108,7 +108,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index a7f3f8050a..a10d85a033 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -109,7 +109,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -157,7 +157,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index bbbe2fb3fa..1e104d4c8a 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -73,7 +73,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -116,7 +116,7 @@ Contains a list of Enterprise resource domains hosted in the cloud that need to - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -172,7 +172,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -215,7 +215,7 @@ Boolean value that tells the client to accept the configured list and not to use - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -258,7 +258,7 @@ This is the comma-separated list of internal proxy servers. For example "157.54. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -311,7 +311,7 @@ Here are the steps to create canonical domain names: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -354,7 +354,7 @@ This is a comma-separated list of proxy servers. Any server on this list is cons - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -397,7 +397,7 @@ Boolean value that tells the client to accept the configured list of proxies and - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 767c680221..d9bb95050c 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index 8de63327aa..7ea180fcf7 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -76,7 +76,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -138,7 +138,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -202,7 +202,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -266,7 +266,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -331,7 +331,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -395,7 +395,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -457,7 +457,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -519,7 +519,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -583,7 +583,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index e6535304b1..709afa0ddb 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -133,7 +133,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -208,7 +208,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 79f182b572..8ab600b9d8 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -280,7 +280,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -336,7 +336,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -388,7 +388,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -441,7 +441,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -491,7 +491,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -542,7 +542,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -585,7 +585,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -628,7 +628,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -671,7 +671,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -722,7 +722,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -765,7 +765,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -808,7 +808,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -851,7 +851,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -902,7 +902,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -945,7 +945,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -988,7 +988,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1031,7 +1031,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1082,7 +1082,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1125,7 +1125,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1168,7 +1168,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1211,7 +1211,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1262,7 +1262,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1305,7 +1305,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1348,7 +1348,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1391,7 +1391,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1442,7 +1442,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1485,7 +1485,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1528,7 +1528,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1571,7 +1571,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1622,7 +1622,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1665,7 +1665,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1708,7 +1708,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1751,7 +1751,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1802,7 +1802,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1845,7 +1845,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1888,7 +1888,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1931,7 +1931,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1982,7 +1982,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2025,7 +2025,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2068,7 +2068,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2111,7 +2111,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2162,7 +2162,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2205,7 +2205,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2248,7 +2248,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2291,7 +2291,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2342,7 +2342,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2385,7 +2385,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2428,7 +2428,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2471,7 +2471,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2522,7 +2522,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2565,7 +2565,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2608,7 +2608,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2651,7 +2651,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2702,7 +2702,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2745,7 +2745,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2788,7 +2788,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2831,7 +2831,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2874,7 +2874,7 @@ Added in Windows 10, version 1703. Specifies whether Windows apps can access tas - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2917,7 +2917,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2960,7 +2960,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3003,7 +3003,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family N - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3054,7 +3054,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3097,7 +3097,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3140,7 +3140,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3183,7 +3183,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3234,7 +3234,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3277,7 +3277,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3320,7 +3320,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3363,7 +3363,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3416,7 +3416,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3459,7 +3459,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3502,7 +3502,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3545,7 +3545,7 @@ Added in Windows 10, version 1703. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3596,7 +3596,7 @@ Most restricted value is 2. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3639,7 +3639,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3682,7 +3682,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -3725,7 +3725,7 @@ Added in Windows 10, version 1607. List of semi-colon delimited Package Family - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index 25c6878ae9..1cf07a4456 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -61,7 +61,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -129,7 +129,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -193,7 +193,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -265,7 +265,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index 1ff2a93cea..2c808afadf 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -67,7 +67,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -135,7 +135,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -207,7 +207,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -273,7 +273,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -335,7 +335,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -403,7 +403,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 762edfe54e..141fbaed7e 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -94,7 +94,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -151,7 +151,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -208,7 +208,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -265,7 +265,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -322,7 +322,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -379,7 +379,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -436,7 +436,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -493,7 +493,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -550,7 +550,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -607,7 +607,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -664,7 +664,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -721,7 +721,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -778,7 +778,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -835,7 +835,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -892,7 +892,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 12189ebcb2..6038112891 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -121,7 +121,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index bb014aba29..d1a746424c 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -70,7 +70,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -127,7 +127,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -184,7 +184,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -241,7 +241,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -298,7 +298,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -355,7 +355,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -412,7 +412,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 8a9ea5fa7c..6aac1d55e9 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -93,7 +93,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -141,7 +141,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -191,7 +191,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -247,7 +247,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -319,7 +319,7 @@ This policy has been deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -369,7 +369,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -412,7 +412,7 @@ Allow Windows indexer. Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -462,7 +462,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -510,7 +510,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -562,7 +562,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -617,7 +617,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -669,7 +669,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -717,7 +717,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index ac48498127..7ee5db3300 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -84,7 +84,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -134,7 +134,7 @@ The following list shows the supported values: - + > [!NOTE] > This policy has been deprecated in Windows 10, version 1607 @@ -182,7 +182,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -238,7 +238,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -288,7 +288,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -342,7 +342,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -395,7 +395,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -449,7 +449,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -503,7 +503,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -556,7 +556,7 @@ Most restricted value is 1. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -604,7 +604,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index f80b9cac01..f5a811c564 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -93,7 +93,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -150,7 +150,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -200,7 +200,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -250,7 +250,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -300,7 +300,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -354,7 +354,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -399,7 +399,7 @@ If disabled, Settings will not contact Microsoft content services to retrieve ti - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -453,7 +453,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -507,7 +507,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -561,7 +561,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -611,7 +611,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -665,7 +665,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -715,7 +715,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -765,7 +765,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index c487c7699c..27398259c1 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -108,7 +108,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -158,7 +158,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 6da3005afa..2c38f752bb 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index af43f0bf48..fa95c2c0a3 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -136,7 +136,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -187,7 +187,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -238,7 +238,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -289,7 +289,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -340,7 +340,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -391,7 +391,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -442,7 +442,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -493,7 +493,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -544,7 +544,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -595,7 +595,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -646,7 +646,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -701,7 +701,7 @@ If there is policy configuration conflict, the latest configuration request is a - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -764,7 +764,7 @@ To validate on Desktop, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -819,7 +819,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -881,7 +881,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -939,7 +939,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -994,7 +994,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1039,7 +1039,7 @@ Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1097,7 +1097,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1162,7 +1162,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1224,7 +1224,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1279,7 +1279,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1334,7 +1334,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1389,7 +1389,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1444,7 +1444,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1499,7 +1499,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1558,7 +1558,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1616,7 +1616,7 @@ To validate on Desktop, do the following: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1674,7 +1674,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index f7c55ff050..62c833ad36 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -106,7 +106,7 @@ Value type is integer. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index eb2ff5cb90..e8c1f500f6 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -96,7 +96,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -151,7 +151,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -203,7 +203,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -257,7 +257,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -320,7 +320,7 @@ To verify if System/AllowFontProviders is set to true: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -377,7 +377,7 @@ For example, an app's original Location setting is Off. The administrator then s - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -429,7 +429,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -548,7 +548,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -601,7 +601,7 @@ orted values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -657,7 +657,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -700,7 +700,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -764,7 +764,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -832,7 +832,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -882,7 +882,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -938,7 +938,7 @@ If you disable or do not configure this policy setting, then the level of diagno - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 121c82b0ca..e717d43451 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -69,7 +69,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -112,7 +112,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -155,7 +155,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -198,7 +198,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -241,7 +241,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -284,7 +284,7 @@ Added in Windows 10, next major update. This setting determines whether the serv - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index 9f01af6518..0da5ed456d 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -54,7 +54,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index c9ef2af75d..7b2956f975 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -93,7 +93,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -149,7 +149,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -205,7 +205,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -261,7 +261,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -315,7 +315,7 @@ Most restricted value is 0. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -371,7 +371,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -427,7 +427,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -483,7 +483,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -555,7 +555,7 @@ This policy has been deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -611,7 +611,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -667,7 +667,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -719,7 +719,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -771,7 +771,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index ae92f571db..ddda234337 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -52,7 +52,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 2b7ed79caf..d6e49b9bb0 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -195,7 +195,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -245,7 +245,7 @@ The default is 17 (5 PM). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -292,7 +292,7 @@ The default value is 18 (hours). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -342,7 +342,7 @@ The default value is 8 (8 AM). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -402,7 +402,7 @@ If the policy is not configured, end-users get the default behavior (Auto instal - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -456,7 +456,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -504,7 +504,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -558,7 +558,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -615,7 +615,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -662,7 +662,7 @@ The default value is 7 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -711,7 +711,7 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -759,7 +759,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -812,7 +812,7 @@ The following list shows the supported values: - + Added in Windows 10, next major update. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. @@ -846,7 +846,7 @@ Added in Windows 10, next major update. Enable IT admin to configure feature up - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -896,7 +896,7 @@ Supported values are 0-365 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -941,7 +941,7 @@ Supported values are 0-30. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1077,7 +1077,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1132,7 +1132,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1175,7 +1175,7 @@ Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 2 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1231,7 +1231,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1278,7 +1278,7 @@ The default value is 0 days (not specified). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1325,7 +1325,7 @@ The default value is 3 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1372,7 +1372,7 @@ The default value is 7 days. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1423,7 +1423,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1474,7 +1474,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1539,7 +1539,7 @@ To validate this policy: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1601,7 +1601,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1650,7 +1650,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1706,7 +1706,7 @@ If the "Allow Telemetry" policy is enabled and the Options value is set to 0, th - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1757,7 +1757,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1802,7 +1802,7 @@ Value type is string. Supported operations are Add, Get, Delete, and Replace. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1850,7 +1850,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1906,7 +1906,7 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1958,7 +1958,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2012,7 +2012,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2061,7 +2061,7 @@ Supported values are 15, 30, or 60 (minutes). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2114,7 +2114,7 @@ Supported values are 2, 4, 8, 12, or 24 (hours). - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2172,7 +2172,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2219,7 +2219,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2266,7 +2266,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2313,7 +2313,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2360,7 +2360,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2407,7 +2407,7 @@ Added in Windows 10, version 1709. Enables the IT admin to schedule the update i - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2462,7 +2462,7 @@ The default value is 3. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2510,7 +2510,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2558,7 +2558,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -2629,7 +2629,7 @@ Example - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 6e21e25c40..53cf96c3f3 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -138,7 +138,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -181,7 +181,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -224,7 +224,7 @@ This user right determines which users and groups are allowed to connect to the - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -267,7 +267,7 @@ This user right allows a process to impersonate any user without authentication. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -310,7 +310,7 @@ This user right determines which users can log on to the computer. Note: Modifyi - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -353,7 +353,7 @@ This user right determines which users can bypass file, directory, registry, and - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -396,7 +396,7 @@ This user right determines which users and groups can change the time and date o - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -439,7 +439,7 @@ This security setting determines whether users can create global objects that ar - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -482,7 +482,7 @@ This user right determines which users and groups can call an internal applicati - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -525,7 +525,7 @@ This user right determines which accounts can be used by processes to create a d - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -568,7 +568,7 @@ This user right determines if the user can create a symbolic link from the compu - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -611,7 +611,7 @@ This user right determines which accounts can be used by processes to create a t - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -654,7 +654,7 @@ This user right determines which users can attach a debugger to any process or t - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -697,7 +697,7 @@ This user right determines which users are prevented from accessing a computer o - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -740,7 +740,7 @@ This security setting determines which service accounts are prevented from regis - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -783,7 +783,7 @@ This user right determines which users and groups are prohibited from logging on - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -826,7 +826,7 @@ This user right determines which users can set the Trusted for Delegation settin - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -869,7 +869,7 @@ This user right determines which accounts can be used by a process to add entrie - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -916,7 +916,7 @@ Because of these factors, users do not usually need this user right. Warning: If - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -959,7 +959,7 @@ This user right determines which accounts can use a process with Write Property - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1002,7 +1002,7 @@ This user right determines which users can dynamically load and unload device dr - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1045,7 +1045,7 @@ This user right determines which accounts can use a process to keep data in phys - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1088,7 +1088,7 @@ This user right determines which users can specify object access auditing option - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1131,7 +1131,7 @@ This user right determines which users and groups can run maintenance tasks on a - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1174,7 +1174,7 @@ This user right determines who can modify firmware environment values. Firmware - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1217,7 +1217,7 @@ This user right determines which user accounts can modify the integrity label of - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1260,7 +1260,7 @@ This user right determines which users can use performance monitoring tools to m - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1303,7 +1303,7 @@ This user right determines which users are allowed to shut down a computer from - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1346,7 +1346,7 @@ This user right determines which users can bypass file, directory, registry, and - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 75609b7de1..5d27b9d4f0 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -81,7 +81,7 @@ This policy has been deprecated. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -133,7 +133,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -185,7 +185,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -240,7 +240,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -292,7 +292,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -342,7 +342,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 084f29982c..78fb5ed4b9 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -108,7 +108,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -153,7 +153,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -201,7 +201,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -253,7 +253,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -301,7 +301,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -356,7 +356,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -408,7 +408,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -460,7 +460,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -512,7 +512,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -564,7 +564,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -616,7 +616,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -668,7 +668,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -713,7 +713,7 @@ Value type is string. Supported operations are Add, Get, Replace and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -765,7 +765,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -817,7 +817,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -865,7 +865,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -913,7 +913,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -961,7 +961,7 @@ Valid values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -1006,7 +1006,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete. - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index 11511b33b1..eda04ac82d 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -55,7 +55,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -105,7 +105,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 685f5e228e..e0a364f38a 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -58,7 +58,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -120,7 +120,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -182,7 +182,7 @@ ADMX Info: - + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 0ef62935e1..e7c65f476a 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -73,7 +73,7 @@ ms.date: 01/29/2018 - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -123,7 +123,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -173,7 +173,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -223,7 +223,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -273,7 +273,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -327,7 +327,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -404,7 +404,7 @@ The following list shows the supported values: - + [Scope](./policy-configuration-service-provider.md#policy-scope):