From 1ddf6337cb3bb2cc5385ecbd625d35c72b02229d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 10 Dec 2020 16:40:03 -0800 Subject: [PATCH] Added RemovableStrorage policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 32 + .../policy-configuration-service-provider.md | 101 + .../mdm/policy-csp-admx-removablestorage.md | 2328 +++++++++++++++++ 4 files changed, 2462 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-removablestorage.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 2a7a434c65..22dc4936a7 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -217,6 +217,7 @@ #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) #### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md) #### [ADMX_Reliability](policy-csp-admx-reliability.md) +#### [ADMX_RemovableStorage](policy-csp-admx-removablestorage.md) #### [ADMX_RPC](policy-csp-admx-rpc.md) #### [ADMX_Scripts](policy-csp-admx-scripts.md) #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 40e0c3cfd3..850cba7f7b 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -445,6 +445,38 @@ ms.date: 10/08/2020 - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents) - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile) - [ADMX_Reliability/ShutdownReason](./policy-csp-admx-reliability.md#admx-reliability-shutdownreason) +- [ADMX_RemovableStorage/AccessRights_RebootTime_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-1) +- [ADMX_RemovableStorage/AccessRights_RebootTime_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-2) +- [ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyexecute-access-2) +- [ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-1) +- [ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-2) +- [ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-1) +- [ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-2) +- [ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-1) +- [ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-2) +- [ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-1) +- [ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-2) +- [ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyexecute-access-2) +- [ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-1) +- [ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-2) +- [ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-1) +- [ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-2) +- [ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyexecute-access-2) +- [ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-1) +- [ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-2) +- [ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denywrite-access-1) +- [ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-1) +- [ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-2) +- [ADMX_RemovableStorage/Removable_Remote_Allow_Access](./policy-csp-admx-removablestorage.md#admx-removablestorage-removable-remote-allow-access) +- [ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyexecute-access-2) +- [ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-1) +- [ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-2) +- [ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-1) +- [ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-2) +- [ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-1) +- [ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-2) +- [ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-1) +- [ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-2) - [ADMX_RPC/RpcExtendedErrorInformation](./policy-csp-admx-rpc.md#admx-rpc-rpcextendederrorinformation) - [ADMX_RPC/RpcIgnoreDelegationFailure](./policy-csp-admx-rpc.md#admx-rpc-rpcignoredelegationfailure) - [ADMX_RPC/RpcMinimumHttpConnectionTimeout](./policy-csp-admx-rpc.md#admx-rpc-rpcminimumhttpconnectiontimeout) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 5ea40c5c67..e446aa1591 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1649,6 +1649,107 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_RemovableStorage policies + +
+
+ ADMX_RemovableStorage/AccessRights_RebootTime_1 +
+
+ ADMX_RemovableStorage/AccessRights_RebootTime_2 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1 +
+
+ ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2 +
+
+ ADMX_RemovableStorage/Removable_Remote_Allow_Access +
+
+ ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2 +
+
+ ### ADMX_RPC policies
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md new file mode 100644 index 0000000000..eaa2b417ff --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md @@ -0,0 +1,2328 @@ +--- +title: Policy CSP - ADMX_RemovableStorage +description: Policy CSP - ADMX_RemovableStorage +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 12/10/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_RemovableStorage +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_RemovableStorage policies + +
+
+ ADMX_RemovableStorage/AccessRights_RebootTime_1 +
+
+ ADMX_RemovableStorage/AccessRights_RebootTime_2 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1 +
+
+ ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2 +
+
+ ADMX_RemovableStorage/Removable_Remote_Allow_Access +
+
+ ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1 +
+
+ ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2 +
+
+ + +
+ + +**ADMX_RemovableStorage/AccessRights_RebootTime_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices. + +If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. + +If you disable or do not configure this setting, the operating system does not force a reboot. + +> [!NOTE] +> If no reboot is forced, the access right does not take effect until the operating system is restarted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time (in seconds) to force reboot* +- GP name: *AccessRights_RebootTime_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/AccessRights_RebootTime_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices. + +If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot. + +If you disable or do not configure this setting, the operating system does not force a reboot + +> [!NOTE] +> If no reboot is forced, the access right does not take effect until the operating system is restarted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time (in seconds) to force reboot* +- GP name: *AccessRights_RebootTime_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the CD and DVD removable storage class. + +If you enable this policy setting, execute access is denied to this removable storage class. + +If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *CD and DVD: Deny execute access* +- GP name: *CDandDVD_DenyExecute_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the CD and DVD removable storage class. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *CD and DVD: Deny read access* +- GP name: *CDandDVD_DenyRead_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the CD and DVD removable storage class. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *CD and DVD: Deny read access* +- GP name: *CDandDVD_DenyRead_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the CD and DVD removable storage class. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *CD and DVD: Deny write access* +- GP name: *CDandDVD_DenyWrite_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the CD and DVD removable storage class. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *CD and DVD: Deny write access* +- GP name: *CDandDVD_DenyWrite_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to custom removable storage classes. + +If you enable this policy setting, read access is denied to these removable storage classes. + +If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Custom Classes: Deny read access* +- GP name: *CustomClasses_DenyRead_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to custom removable storage classes. + +If you enable this policy setting, read access is denied to these removable storage classes. + +If you disable or do not configure this policy setting, read access is allowed to these removable storage classes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Custom Classes: Deny read access* +- GP name: *CustomClasses_DenyRead_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + + +
+ + +**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to custom removable storage classes. + +If you enable this policy setting, write access is denied to these removable storage classes. + +If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Custom Classes: Deny write access* +- GP name: *CustomClasses_DenyWrite_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to custom removable storage classes. + +If you enable this policy setting, write access is denied to these removable storage classes. + +If you disable or do not configure this policy setting, write access is allowed to these removable storage classes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Custom Classes: Deny write access* +- GP name: *CustomClasses_DenyWrite_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives. + +If you enable this policy setting, execute access is denied to this removable storage class. + +If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Floppy Drives: Deny execute access* +- GP name: *FloppyDrives_DenyExecute_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Floppy Drives: Deny read access* +- GP name: *FloppyDrives_DenyRead_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Floppy Drives: Deny read access* +- GP name: *FloppyDrives_DenyRead_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Floppy Drives: Deny write access* +- GP name: *FloppyDrives_DenyWrite_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Floppy Drives: Deny write access* +- GP name: *FloppyDrives_DenyWrite_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to removable disks. + +If you enable this policy setting, execute access is denied to this removable storage class. + +If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Disks: Deny execute access* +- GP name: *RemovableDisks_DenyExecute_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Disks: Deny read access* +- GP name: *RemovableDisks_DenyRead_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Disks: Deny read access* +- GP name: *RemovableDisks_DenyRead_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + +> [!NOTE] +> To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives." + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Removable Disks: Deny write access* +- GP name: *RemovableDisks_DenyWrite_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Configure access to all removable storage classes. + +This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class. + +If you enable this policy setting, no access is allowed to any removable storage class. + +If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *All Removable Storage classes: Deny all access* +- GP name: *RemovableStorageClasses_DenyAll_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Configure access to all removable storage classes. + +This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class. + +If you enable this policy setting, no access is allowed to any removable storage class. + +If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *All Removable Storage classes: Deny all access* +- GP name: *RemovableStorageClasses_DenyAll_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/Removable_Remote_Allow_Access** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting grants normal users direct access to removable storage devices in remote sessions. + +If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions. + +If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *All Removable Storage: Allow direct access in remote sessions* +- GP name: *Removable_Remote_Allow_Access* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies execute access to the Tape Drive removable storage class. + +If you enable this policy setting, execute access is denied to this removable storage class. + +If you disable or do not configure this policy setting, execute access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Tape Drives: Deny execute access* +- GP name: *TapeDrives_DenyExecute_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Tape Drive removable storage class. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Tape Drives: Deny read access* +- GP name: *TapeDrives_DenyRead_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to the Tape Drive removable storage class. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Tape Drives: Deny read access* +- GP name: *TapeDrives_DenyRead_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Tape Drive removable storage class. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Tape Drives: Deny write access* +- GP name: *TapeDrives_DenyWrite_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to the Tape Drive removable storage class. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Tape Drives: Deny write access* +- GP name: *TapeDrives_DenyWrite_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *WPD Devices: Deny read access* +- GP name: *WPDDevices_DenyRead_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. + +If you enable this policy setting, read access is denied to this removable storage class. + +If you disable or do not configure this policy setting, read access is allowed to this removable storage class. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *WPD Devices: Deny read access* +- GP name: *WPDDevices_DenyRead_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *WPD Devices: Deny write access* +- GP name: *WPDDevices_DenyWrite_Access_1* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ + +**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. + +If you enable this policy setting, write access is denied to this removable storage class. + +If you disable or do not configure this policy setting, write access is allowed to this removable storage class. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *WPD Devices: Deny write access* +- GP name: *WPDDevices_DenyWrite_Access_2* +- GP path: *System\Removable Storage Access* +- GP ADMX file name: *RemovableStorage.admx* + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file