deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

add admx_workfolders csp

Browse Source
This commit is contained in:
Aaron Czechowski 2022-12-21 11:53:49 -08:00
parent 0fcca414cc
commit 3f8b8276ba
1 changed files with 186 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

343
windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
View File

@ -1,196 +1,225 @@
--- ---
title: Policy CSP - ADMX_WorkFoldersClient title: ADMX_WorkFoldersClient Policy CSP
description: Policy CSP - ADMX_WorkFoldersClient description: Learn more about the ADMX_WorkFoldersClient Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa ms.author: vinpa
ms.date: 12/21/2022
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client ms.prod: windows-client
ms.technology: itpro-manage ms.technology: itpro-manage
author: vinaypamnani-msft ms.topic: reference
ms.date: 09/22/2021
ms.reviewer:
manager: aaroncz
--- ---
<!-- Auto-Generated CSP Document -->
<!-- ADMX_WorkFoldersClient-Begin -->
# Policy CSP - ADMX_WorkFoldersClient # Policy CSP - ADMX_WorkFoldersClient
> [!TIP] > [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md). > Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
> >
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy). > You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
> >
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). > The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/> <!-- ADMX_WorkFoldersClient-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- ADMX_WorkFoldersClient-Editable-End -->
<!--Policies--> <!-- Pol_MachineEnableWorkFolders-Begin -->
## ADMX_WorkFoldersClient policies ## Pol_MachineEnableWorkFolders
<dl> <!-- Pol_MachineEnableWorkFolders-Applicability-Begin -->
<dd> | Scope | Editions | Applicable OS |
<a href="#admx-workfoldersclient-pol_userenabletokenbroker |:--|:--|:--|
">ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker</a> | :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
</dd> <!-- Pol_MachineEnableWorkFolders-Applicability-End -->
<dd>
<a href="#admx-workfoldersclient-pol_userenableworkfolders">ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders</a>
</dd>
<dd>
<a href="#admx-workfoldersclient-pol_machineenableworkfolders">ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders</a>
</dd>
</dl>
<!-- Pol_MachineEnableWorkFolders-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders
```
<!-- Pol_MachineEnableWorkFolders-OmaUri-End -->
<hr/> <!-- Pol_MachineEnableWorkFolders-Description-Begin -->
<!-- Description-Source-ADMX -->
<!--Policy-->
<a href="" id="admx-workfoldersclient-pol_userenabletokenbroker"></a>**ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer.
- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not apply to a user, Work Folders is not automatically set up.
This folder creation prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting doesn't apply to a user, Work Folders isn't automatically set up. If you disable or do not configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user.
- If you disable or don't configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user. <!-- Pol_MachineEnableWorkFolders-Description-End -->
<!-- Pol_MachineEnableWorkFolders-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Pol_MachineEnableWorkFolders-Editable-End -->
<!--/Description--> <!-- Pol_MachineEnableWorkFolders-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- Pol_MachineEnableWorkFolders-DFProperties-End -->
<!--ADMXBacked--> <!-- Pol_MachineEnableWorkFolders-AdmxBacked-Begin -->
ADMX Info: > [!TIP]
- GP Friendly name: *Force automatic setup for all users* > This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
- GP name: *Pol_UserEnableTokenBroker*
- GP path: *Windows Components\Work Folders*
- GP ADMX file name: *WorkFoldersClient.admx*
<!--/ADMXBacked--> **ADMX mapping**:
<!--/Policy-->
<hr/> | Name | Value |
|:--|:--|
| Name | Pol_MachineEnableWorkFolders |
| Friendly Name | Force automatic setup for all users |
| Location | Computer Configuration |
| Path | Windows Components > Work Folders |
| Registry Key Name | Software\Policies\Microsoft\Windows\WorkFolders |
| Registry Value Name | AutoProvision |
| ADMX File Name | WorkFolders-Client.admx |
<!-- Pol_MachineEnableWorkFolders-AdmxBacked-End -->
<!--Policy--> <!-- Pol_MachineEnableWorkFolders-Examples-Begin -->
<a href="" id="admx-workfoldersclient-pol_userenableworkfolders"></a>**ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders** <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Pol_MachineEnableWorkFolders-Examples-End -->
<!--SupportedSKUs--> <!-- Pol_MachineEnableWorkFolders-End -->
|Edition|Windows 10|Windows 11| <!-- Pol_UserEnableTokenBroker-Begin -->
|--- |--- |--- | ## Pol_UserEnableTokenBroker
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs--> <!-- Pol_UserEnableTokenBroker-Applicability-Begin -->
<hr/> | Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- Pol_UserEnableTokenBroker-Applicability-End -->
<!--Scope--> <!-- Pol_UserEnableTokenBroker-OmaUri-Begin -->
[Scope](./policy-configuration-service-provider.md#policy-scope): ```User
./User/Vendor/MSFT/Policy/Config/ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker
```
<!-- Pol_UserEnableTokenBroker-OmaUri-End -->
> [!div class = "checklist"] <!-- Pol_UserEnableTokenBroker-Description-Begin -->
> * User <!-- Description-Source-ADMX -->
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies the Work Folders server for affected users, and whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer.
- If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC.
If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables.
> [!NOTE]
> In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified.
The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and dont take up any space on the PC, but the user must be connected to the Internet to access them. If you enable this policy setting, on-demand file access is enabled.
- If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the users files is required on each of their PCs.
If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled.
The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This automatic setup prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option isn't specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify Work Folders settings*
- GP name: *Pol_UserEnableWorkFolders*
- GP path: *Windows Components\Work Folders*
- GP ADMX file name: *WorkFoldersClient.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-workfoldersclient-pol_machineenableworkfolders"></a>**ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy specifies whether Work Folders should use Token Broker for interactive AD FS authentication instead of its own OAuth2 token flow used in previous versions. This policy specifies whether Work Folders should use Token Broker for interactive AD FS authentication instead of its own OAuth2 token flow used in previous versions.
<!-- Pol_UserEnableTokenBroker-Description-End -->
<!--/Description--> <!-- Pol_UserEnableTokenBroker-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Pol_UserEnableTokenBroker-Editable-End -->
<!-- Pol_UserEnableTokenBroker-DFProperties-Begin -->
**Description framework properties**:
<!--ADMXBacked--> | Property name | Property value |
ADMX Info: |:--|:--|
- GP Friendly name: *Enables the use of Token Broker for AD FS authentication* | Format | chr (string) |
- GP name: *Pol_MachineEnableWorkFolders* | Access Type | Add, Delete, Get, Replace |
- GP path: *Windows Components\Work Folders* <!-- Pol_UserEnableTokenBroker-DFProperties-End -->
- GP ADMX file name: *WorkFoldersClient.admx*
<!--/ADMXBacked--> <!-- Pol_UserEnableTokenBroker-AdmxBacked-Begin -->
<!--/Policy--> > [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
**ADMX mapping**:
<!--/Policies--> | Name | Value |
|:--|:--|
| Name | Pol_UserEnableTokenBroker |
| Friendly Name | Enables the use of Token Broker for AD FS authentication |
| Location | User Configuration |
| Path | Windows Components > Work Folders |
| Registry Key Name | Software\Policies\Microsoft\Windows\WorkFolders |
| Registry Value Name | EnableTokenBroker |
| ADMX File Name | WorkFolders-Client.admx |
<!-- Pol_UserEnableTokenBroker-AdmxBacked-End -->
<!-- Pol_UserEnableTokenBroker-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Pol_UserEnableTokenBroker-Examples-End -->
<!-- Pol_UserEnableTokenBroker-End -->
<!-- Pol_UserEnableWorkFolders-Begin -->
## Pol_UserEnableWorkFolders
<!-- Pol_UserEnableWorkFolders-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 2004 [10.0.19041.1202] and later <br> :heavy_check_mark: Windows 10, version 2009 [10.0.19042.1202] and later <br> :heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1202] and later <br> :heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later |
<!-- Pol_UserEnableWorkFolders-Applicability-End -->
<!-- Pol_UserEnableWorkFolders-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders
```
<!-- Pol_UserEnableWorkFolders-OmaUri-End -->
<!-- Pol_UserEnableWorkFolders-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting specifies the Work Folders server for affected users, as well as whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer.
If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC. If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item.
The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data.
The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables.
**Note**: In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified.
The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and dont take up any space on the PC, but the user must be connected to the Internet to access them.
If you enable this policy setting, on-demand file access is enabled.
If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the users files is required on each of their PCs.
If you specify User choice or do not configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled.
The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option is not specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders.
<!-- Pol_UserEnableWorkFolders-Description-End -->
<!-- Pol_UserEnableWorkFolders-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- Pol_UserEnableWorkFolders-Editable-End -->
<!-- Pol_UserEnableWorkFolders-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- Pol_UserEnableWorkFolders-DFProperties-End -->
<!-- Pol_UserEnableWorkFolders-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
**ADMX mapping**:
| Name | Value |
|:--|:--|
| Name | Pol_UserEnableWorkFolders |
| Friendly Name | Specify Work Folders settings |
| Location | User Configuration |
| Path | Windows Components > Work Folders |
| Registry Key Name | Software\Policies\Microsoft\Windows\WorkFolders |
| ADMX File Name | WorkFolders-Client.admx |
<!-- Pol_UserEnableWorkFolders-AdmxBacked-End -->
<!-- Pol_UserEnableWorkFolders-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- Pol_UserEnableWorkFolders-Examples-End -->
<!-- Pol_UserEnableWorkFolders-End -->
<!-- ADMX_WorkFoldersClient-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- ADMX_WorkFoldersClient-CspMoreInfo-End -->
<!-- ADMX_WorkFoldersClient-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)