deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 10972: Storage/RemovableDiskDenyWriteAccess - new in Policy CSP

Browse Source
This commit is contained in:
Maricia Alforque 2018-08-28 18:43:26 +00:00
parent 55029e6dd9
commit 336b204248
2 changed files with 238 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -3106,6 +3106,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd> <dd>
<a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a> <a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
</dd> </dd>
<dd>
<a href="#./policy-csp-storage.mdstorage-removablediskdenywriteaccess" id="storage-removablediskdenywriteaccess">Storage/RemovableDiskDenyWriteAccess</a>
</dd>
</dl> </dl>
### System policies ### System policies

399
windows/client-management/mdm/policy-csp-storage.md
View File

@ -1,164 +1,235 @@
--- ---
title: Policy CSP - Storage title: Policy CSP - Storage
description: Policy CSP - Storage description: Policy CSP - Storage
ms.author: maricia ms.author: maricia
ms.topic: article ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: MariciaAlforque author: MariciaAlforque
ms.date: 03/12/2018 ms.date: 08/27/2018
--- ---
# Policy CSP - Storage # Policy CSP - Storage
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
<!--Policies--> <hr/>
## Storage policies
<!--Policies-->
<dl> ## Storage policies
<dd>
<a href="#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a> <dl>
</dd> <dd>
<dd> <a href="#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
<a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a> </dd>
</dd> <dd>
</dl> <a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
</dd>
<dd>
<hr/> <a href="#storage-removablediskdenywriteaccess">Storage/RemovableDiskDenyWriteAccess</a>
</dd>
<!--Policy--> </dl>
<a href="" id="storage-allowdiskhealthmodelupdates"></a>**Storage/AllowDiskHealthModelUpdates**
<!--SupportedSKUs--> <hr/>
<table>
<tr> <!--Policy-->
<th>Home</th> <a href="" id="storage-allowdiskhealthmodelupdates"></a>**Storage/AllowDiskHealthModelUpdates**
<th>Pro</th>
<th>Business</th> <!--SupportedSKUs-->
<th>Enterprise</th> <table>
<th>Education</th> <tr>
<th>Mobile</th> <th>Home</th>
<th>Mobile Enterprise</th> <th>Pro</th>
</tr> <th>Business</th>
<tr> <th>Enterprise</th>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <th>Education</th>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td> <th>Mobile</th>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td> <th>Mobile Enterprise</th>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td> </tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td> <tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</tr> <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
</table> <td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
<!--/SupportedSKUs--> <td><img src="images/crossmark.png" alt="cross mark" /></td>
<!--Scope--> <td><img src="images/crossmark.png" alt="cross mark" /></td>
[Scope](./policy-configuration-service-provider.md#policy-scope): </tr>
</table>
> [!div class = "checklist"]
> * Device <!--/SupportedSKUs-->
<!--Scope-->
<hr/> [Scope](./policy-configuration-service-provider.md#policy-scope):
<!--/Scope--> > [!div class = "checklist"]
<!--Description--> > * Device
Added in Windows 10, version 1709. Allows disk health model updates.
<hr/>
<!--/Scope-->
Value type is integer. <!--Description-->
Added in Windows 10, version 1709. Allows disk health model updates.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Allow downloading updates to the Disk Failure Prediction Model* Value type is integer.
- GP name: *SH_AllowDiskHealthModelUpdates*
- GP path: *System/Storage Health* <!--/Description-->
- GP ADMX file name: *StorageHealth.admx* <!--ADMXMapped-->
ADMX Info:
<!--/ADMXMapped--> - GP English name: *Allow downloading updates to the Disk Failure Prediction Model*
<!--SupportedValues--> - GP name: *SH_AllowDiskHealthModelUpdates*
The following list shows the supported values: - GP path: *System/Storage Health*
- GP ADMX file name: *StorageHealth.admx*
- 0 - Do not allow
- 1 (default) - Allow <!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues--> The following list shows the supported values:
<!--/Policy-->
- 0 - Do not allow
<hr/> - 1 (default) - Allow
<!--Policy--> <!--/SupportedValues-->
<a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices** <!--/Policy-->
<!--SupportedSKUs--> <hr/>
<table>
<tr> <!--Policy-->
<th>Home</th> <a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**
<th>Pro</th>
<th>Business</th> <!--SupportedSKUs-->
<th>Enterprise</th> <table>
<th>Education</th> <tr>
<th>Mobile</th> <th>Home</th>
<th>Mobile Enterprise</th> <th>Pro</th>
</tr> <th>Business</th>
<tr> <th>Enterprise</th>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <th>Education</th>
<td><img src="images/checkmark.png" alt="check mark" /></td> <th>Mobile</th>
<td><img src="images/checkmark.png" alt="check mark" /></td> <th>Mobile Enterprise</th>
<td><img src="images/checkmark.png" alt="check mark" /></td> </tr>
<td><img src="images/checkmark.png" alt="check mark" /></td> <tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td> <td><img src="images/checkmark.png" alt="check mark" /></td>
</tr> <td><img src="images/checkmark.png" alt="check mark" /></td>
</table> <td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<!--/SupportedSKUs--> <td><img src="images/crossmark.png" alt="cross mark" /></td>
<!--Scope--> <td><img src="images/crossmark.png" alt="cross mark" /></td>
[Scope](./policy-configuration-service-provider.md#policy-scope): </tr>
</table>
> [!div class = "checklist"]
> * Device <!--/SupportedSKUs-->
<!--Scope-->
<hr/> [Scope](./policy-configuration-service-provider.md#policy-scope):
<!--/Scope--> > [!div class = "checklist"]
<!--Description--> > * Device
This policy setting configures whether or not Windows will activate an Enhanced Storage device.
<hr/>
If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.
<!--/Scope-->
If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices. <!--Description-->
This policy setting configures whether or not Windows will activate an Enhanced Storage device.
<!--/Description-->
> [!TIP] If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
<!--/Description-->
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--ADMXBacked-->
ADMX Info: > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
- GP English name: *Do not allow Windows to activate Enhanced Storage devices*
- GP name: *TCGSecurityActivationDisabled* > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
- GP path: *System/Enhanced Storage Access*
- GP ADMX file name: *enhancedstorage.admx* <!--ADMXBacked-->
ADMX Info:
<!--/ADMXBacked--> - GP English name: *Do not allow Windows to activate Enhanced Storage devices*
<!--/Policy--> - GP name: *TCGSecurityActivationDisabled*
<hr/> - GP path: *System/Enhanced Storage Access*
- GP ADMX file name: *enhancedstorage.admx*
Footnote:
<!--/ADMXBacked-->
- 1 - Added in Windows 10, version 1607. <!--/Policy-->
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709. <hr/>
- 4 - Added in Windows 10, version 1803.
<!--Policy-->
<!--/Policies--> <a href="" id="storage-removablediskdenywriteaccess"></a>**Storage/RemovableDiskDenyWriteAccess**
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td></td>
<td></td>
</tr>
</table>
<!--/SupportedSKUs-->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
If you enable this policy setting, write access is denied to this removable storage class. If you disable or do not configure this policy setting, write access is allowed to this removable storage class. Note: To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
Supported values:
- 0 - Disable
- 1 - Enable
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Removable Disks: Deny write access*
- GP name: *RemovableDisks_DenyWrite_Access_2*
- GP element: *RemovableDisks_DenyWrite_Access_2*
- GP path: *System/Removable Storage Access*
- GP ADMX file name: *RemovableStorage.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
Footnote:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in the next major release of Windows 10.
<!--/Policies-->