deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

sdiageng sdiagschd securitycenter

Browse Source
This commit is contained in:
Liz Long 2023-01-05 09:39:18 -05:00
parent cd5b6f0258
commit 3990c9962f
3 changed files with 314 additions and 258 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

295
windows/client-management/mdm/policy-csp-admx-sdiageng.md
View File

@ -1,191 +1,220 @@
--- ---
title: Policy CSP - ADMX_sdiageng title: ADMX_sdiageng Policy CSP
description: Learn about Policy CSP - ADMX_sdiageng. description: Learn more about the ADMX_sdiageng Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/05/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 09/18/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_sdiageng-Begin -->
# Policy CSP - ADMX_sdiageng # Policy CSP - ADMX_sdiageng
> [!TIP] > [!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <!-- ADMX_sdiageng-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_sdiageng-Editable-End -->
<!--Policies--> <!-- BetterWhenConnected-Begin -->
## ADMX_sdiageng policies ## BetterWhenConnected
<dl> <!-- BetterWhenConnected-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-sdiageng-betterwhenconnected">ADMX_sdiageng/BetterWhenConnected</a> |:--|:--|:--|
</dd> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<dd> <!-- BetterWhenConnected-Applicability-End -->
<a href="#admx-sdiageng-scripteddiagnosticsexecutionpolicy">ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy</a>
</dd>
<dd>
<a href="#admx-sdiageng-scripteddiagnosticssecuritypolicy">ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy</a>
</dd>
</dl>
<!-- BetterWhenConnected-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_sdiageng/BetterWhenConnected
```
<!-- BetterWhenConnected-OmaUri-End -->
<hr/> <!-- BetterWhenConnected-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
<!--Policy--> If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
<a href="" id="admx-sdiageng-betterwhenconnected"></a>**ADMX_sdiageng/BetterWhenConnected**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting allows Internet-connected users to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
If you enable or don't configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service. If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.
<!-- BetterWhenConnected-Description-End -->
<!--/Description--> <!-- BetterWhenConnected-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- BetterWhenConnected-Editable-End -->
<!-- BetterWhenConnected-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)* | Format | chr (string) |
- GP name: *BetterWhenConnected* | Access Type | Add, Delete, Get, Replace |
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* <!-- BetterWhenConnected-DFProperties-End -->
- GP ADMX file name: *sdiageng.admx*
<!--/ADMXBacked--> <!-- BetterWhenConnected-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
<hr/> > This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy--> **ADMX mapping**:
<a href="" id="admx-sdiageng-scripteddiagnosticsexecutionpolicy"></a>**ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy**
<!--SupportedSKUs--> | Name | Value |
|:--|:--|
| Name | BetterWhenConnected |
| Friendly Name | Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS) |
| Location | Computer Configuration |
| Path | System > Troubleshooting and Diagnostics > Scripted Diagnostics |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy |
| Registry Value Name | EnableQueryRemoteServer |
| ADMX File Name | sdiageng.admx |
<!-- BetterWhenConnected-AdmxBacked-End -->
|Edition|Windows 10|Windows 11| <!-- BetterWhenConnected-Examples-Begin -->
|--- |--- |--- | <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|Home|No|No| <!-- BetterWhenConnected-Examples-End -->
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- BetterWhenConnected-End -->
<hr/>
<!--Scope--> <!-- ScriptedDiagnosticsExecutionPolicy-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): ## ScriptedDiagnosticsExecutionPolicy
> [!div class = "checklist"] <!-- ScriptedDiagnosticsExecutionPolicy-Applicability-Begin -->
> * Device | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- ScriptedDiagnosticsExecutionPolicy-Applicability-End -->
<hr/> <!-- ScriptedDiagnosticsExecutionPolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy
```
<!-- ScriptedDiagnosticsExecutionPolicy-OmaUri-End -->
<!--/Scope--> <!-- ScriptedDiagnosticsExecutionPolicy-Description-Begin -->
<!--Description--> <!-- Description-Source-ADMX -->
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
If you enable or don't configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel. If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
If this policy setting is disabled, the users cannot access or run the troubleshooting tools from the Control Panel. If you disable this policy setting, users cannot access or run the troubleshooting tools from the Control Panel.
>[!NOTE] Note that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.
>This setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files. <!-- ScriptedDiagnosticsExecutionPolicy-Description-End -->
<!--/Description--> <!-- ScriptedDiagnosticsExecutionPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ScriptedDiagnosticsExecutionPolicy-Editable-End -->
<!-- ScriptedDiagnosticsExecutionPolicy-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards* | Format | chr (string) |
- GP name: *ScriptedDiagnosticsExecutionPolicy* | Access Type | Add, Delete, Get, Replace |
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* <!-- ScriptedDiagnosticsExecutionPolicy-DFProperties-End -->
- GP ADMX file name: *sdiageng.admx*
<!--/ADMXBacked--> <!-- ScriptedDiagnosticsExecutionPolicy-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
<hr/> > This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy--> **ADMX mapping**:
<a href="" id="admx-sdiageng-scripteddiagnosticssecuritypolicy"></a>**ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy**
<!--SupportedSKUs--> | Name | Value |
|:--|:--|
| Name | ScriptedDiagnosticsExecutionPolicy |
| Friendly Name | Troubleshooting: Allow users to access and run Troubleshooting Wizards |
| Location | Computer Configuration |
| Path | System > Troubleshooting and Diagnostics > Scripted Diagnostics |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics |
| Registry Value Name | EnableDiagnostics |
| ADMX File Name | sdiageng.admx |
<!-- ScriptedDiagnosticsExecutionPolicy-AdmxBacked-End -->
|Edition|Windows 10|Windows 11| <!-- ScriptedDiagnosticsExecutionPolicy-Examples-Begin -->
|--- |--- |--- | <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|Home|No|No| <!-- ScriptedDiagnosticsExecutionPolicy-Examples-End -->
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- ScriptedDiagnosticsExecutionPolicy-End -->
<hr/>
<!--Scope--> <!-- ScriptedDiagnosticsSecurityPolicy-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): ## ScriptedDiagnosticsSecurityPolicy
> [!div class = "checklist"] <!-- ScriptedDiagnosticsSecurityPolicy-Applicability-Begin -->
> * Device | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- ScriptedDiagnosticsSecurityPolicy-Applicability-End -->
<hr/> <!-- ScriptedDiagnosticsSecurityPolicy-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy
```
<!-- ScriptedDiagnosticsSecurityPolicy-OmaUri-End -->
<!--/Scope--> <!-- ScriptedDiagnosticsSecurityPolicy-Description-Begin -->
<!--Description--> <!-- Description-Source-ADMX -->
This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.
If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers. If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.
If you disable or don't configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages. If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
<!-- ScriptedDiagnosticsSecurityPolicy-Description-End -->
<!--/Description--> <!-- ScriptedDiagnosticsSecurityPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ScriptedDiagnosticsSecurityPolicy-Editable-End -->
<!-- ScriptedDiagnosticsSecurityPolicy-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Configure Security Policy for Scripted Diagnostics* | Format | chr (string) |
- GP name: *ScriptedDiagnosticsSecurityPolicy* | Access Type | Add, Delete, Get, Replace |
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics* <!-- ScriptedDiagnosticsSecurityPolicy-DFProperties-End -->
- GP ADMX file name: *sdiageng.admx*
<!--/ADMXBacked--> <!-- ScriptedDiagnosticsSecurityPolicy-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
<hr/> > This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
**ADMX mapping**:
<!--/Policies--> | Name | Value |
## Related topics |:--|:--|
| Name | ScriptedDiagnosticsSecurityPolicy |
| Friendly Name | Configure Security Policy for Scripted Diagnostics |
| Location | Computer Configuration |
| Path | System > Troubleshooting and Diagnostics > Scripted Diagnostics |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics |
| Registry Value Name | ValidateTrust |
| ADMX File Name | sdiageng.admx |
<!-- ScriptedDiagnosticsSecurityPolicy-AdmxBacked-End -->
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) <!-- ScriptedDiagnosticsSecurityPolicy-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- ScriptedDiagnosticsSecurityPolicy-Examples-End -->
<!-- ScriptedDiagnosticsSecurityPolicy-End -->
<!-- ADMX_sdiageng-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_sdiageng-CspMoreInfo-End -->
<!-- ADMX_sdiageng-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

132
windows/client-management/mdm/policy-csp-admx-sdiagschd.md
View File

@ -1,94 +1,106 @@
--- ---
title: Policy CSP - ADMX_sdiagschd title: ADMX_sdiagschd Policy CSP
description: Learn about Policy CSP - ADMX_sdiagschd. description: Learn more about the ADMX_sdiagschd Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/05/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 09/17/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_sdiagschd-Begin -->
# Policy CSP - ADMX_sdiagschd # Policy CSP - ADMX_sdiagschd
<hr/>
<!--Policies-->
## ADMX_sdiagschd policies
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<dl> <!-- ADMX_sdiagschd-Editable-Begin -->
<dd> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<a href="#admx-sdiagschd-scheduleddiagnosticsexecutionpolicy">ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy</a> <!-- ADMX_sdiagschd-Editable-End -->
</dd>
</dl>
<!-- ScheduledDiagnosticsExecutionPolicy-Begin -->
## ScheduledDiagnosticsExecutionPolicy
<hr/> <!-- ScheduledDiagnosticsExecutionPolicy-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- ScheduledDiagnosticsExecutionPolicy-Applicability-End -->
<!--Policy--> <!-- ScheduledDiagnosticsExecutionPolicy-OmaUri-Begin -->
<a href="" id="admx-sdiagschd-scheduleddiagnosticsexecutionpolicy"></a>**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy** ```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy
```
<!-- ScheduledDiagnosticsExecutionPolicy-OmaUri-End -->
<!--SupportedSKUs--> <!-- ScheduledDiagnosticsExecutionPolicy-Description-Begin -->
<!-- Description-Source-ADMX -->
Determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
|Edition|Windows 10|Windows 11| If you enable this policy setting, you must choose an execution level. If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
<hr/>
<!--Scope--> If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve problems on a scheduled basis.
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"] If you do not configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default.
> * Device
<hr/> No reboots or service restarts are required for this policy to take effect: changes take effect immediately.
<!--/Scope--> This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics will not be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.
<!--Description--> <!-- ScheduledDiagnosticsExecutionPolicy-Description-End -->
This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
If you enable this policy setting, you must choose an execution level from the following: <!-- ScheduledDiagnosticsExecutionPolicy-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ScheduledDiagnosticsExecutionPolicy-Editable-End -->
- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution. <!-- ScheduledDiagnosticsExecutionPolicy-DFProperties-Begin -->
- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input. **Description framework properties**:
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis. | Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- ScheduledDiagnosticsExecutionPolicy-DFProperties-End -->
If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console. <!-- ScheduledDiagnosticsExecutionPolicy-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--/Description--> **ADMX mapping**:
<!--ADMXBacked--> | Name | Value |
ADMX Info: |:--|:--|
- GP Friendly name: *Configure Scheduled Maintenance Behavior* | Name | ScheduledDiagnosticsExecutionPolicy |
- GP name: *ScheduledDiagnosticsExecutionPolicy* | Friendly Name | Configure Scheduled Maintenance Behavior |
- GP path: *System\Troubleshooting and Diagnostics\Scheduled Maintenance* | Location | Computer Configuration |
- GP ADMX file name: *sdiagschd.admx* | Path | System > Troubleshooting and Diagnostics > Scheduled Maintenance |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics |
| Registry Value Name | EnabledExecution |
| ADMX File Name | sdiagschd.admx |
<!-- ScheduledDiagnosticsExecutionPolicy-AdmxBacked-End -->
<!--/ADMXBacked--> <!-- ScheduledDiagnosticsExecutionPolicy-Examples-Begin -->
<!--/Policy--> <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<hr/> <!-- ScheduledDiagnosticsExecutionPolicy-Examples-End -->
<!-- ScheduledDiagnosticsExecutionPolicy-End -->
<!--/Policies--> <!-- ADMX_sdiagschd-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_sdiagschd-CspMoreInfo-End -->
## Related topics <!-- ADMX_sdiagschd-End -->
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) ## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)

145
windows/client-management/mdm/policy-csp-admx-securitycenter.md
View File

@ -1,97 +1,112 @@
--- ---
title: Policy CSP - ADMX_Securitycenter title: ADMX_Securitycenter Policy CSP
description: Learn about Policy CSP - ADMX_Securitycenter. description: Learn more about the ADMX_Securitycenter Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 01/05/2023
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 09/18/2020
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_Securitycenter-Begin -->
# Policy CSP - ADMX_Securitycenter # Policy CSP - ADMX_Securitycenter
> [!TIP] > [!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <!-- ADMX_Securitycenter-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_Securitycenter-Editable-End -->
<!--Policies--> <!-- SecurityCenter_SecurityCenterInDomain-Begin -->
## ADMX_Securitycenter policies ## SecurityCenter_SecurityCenterInDomain
<dl> <!-- SecurityCenter_SecurityCenterInDomain-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-securitycenter-securitycenter-securitycenterindomain">ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain</a> |:--|:--|:--|
</dd> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
</dl> <!-- SecurityCenter_SecurityCenterInDomain-Applicability-End -->
<!-- SecurityCenter_SecurityCenterInDomain-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain
```
<!-- SecurityCenter_SecurityCenterInDomain-OmaUri-End -->
<hr/> <!-- SecurityCenter_SecurityCenterInDomain-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed.
<!--Policy--> Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect.
<a href="" id="admx-securitycenter-securitycenter-securitycenterindomain"></a>**ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain**
<!--SupportedSKUs--> If you do not congifure this policy setting, the Security Center is turned off for domain members.
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk.
The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect.
If you don't configure this policy setting, the Security Center is turned off for domain members.
If you enable this policy setting, Security Center is turned on for all users. If you enable this policy setting, Security Center is turned on for all users.
If you disable this policy setting, Security Center is turned off for domain members. If you disable this policy setting, Security Center is turned off for domain members.
Windows XP SP2
----------------------
In Windows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates.
<!--/Description--> **Note** that Security Center might not be available following a change to this policy setting until after the computer is restarted for Windows XP SP2 computers.
Windows Vista
---------------------
In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers do not require a reboot for this policy setting to take effect.
<!-- SecurityCenter_SecurityCenterInDomain-Description-End -->
<!--ADMXBacked--> <!-- SecurityCenter_SecurityCenterInDomain-Editable-Begin -->
ADMX Info: <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
- GP Friendly name: *Turn on Security Center (Domain PCs only)* <!-- SecurityCenter_SecurityCenterInDomain-Editable-End -->
- GP name: *SecurityCenter_SecurityCenterInDomain*
- GP path: *Windows Components\Security Center*
- GP ADMX file name: *Securitycenter.admx*
<!--/ADMXBacked--> <!-- SecurityCenter_SecurityCenterInDomain-DFProperties-Begin -->
<!--/Policy--> **Description framework properties**:
<hr/>
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SecurityCenter_SecurityCenterInDomain-DFProperties-End -->
<!-- SecurityCenter_SecurityCenterInDomain-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--/Policies--> **ADMX mapping**:
## Related topics | Name | Value |
|:--|:--|
| Name | SecurityCenter_SecurityCenterInDomain |
| Friendly Name | Turn on Security Center (Domain PCs only) |
| Location | Computer Configuration |
| Path | Windows Components > Security Center |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\Security Center |
| Registry Value Name | SecurityCenterInDomain |
| ADMX File Name | Securitycenter.admx |
<!-- SecurityCenter_SecurityCenterInDomain-AdmxBacked-End -->
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) <!-- SecurityCenter_SecurityCenterInDomain-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SecurityCenter_SecurityCenterInDomain-Examples-End -->
<!-- SecurityCenter_SecurityCenterInDomain-End -->
<!-- ADMX_Securitycenter-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_Securitycenter-CspMoreInfo-End -->
<!-- ADMX_Securitycenter-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)