deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

Browse Source
This commit is contained in:
dstrome 2020-10-06 23:52:13 +00:00
commit 4fe1ac4d7e
35 changed files with 372 additions and 332 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
View File

@ -97,7 +97,7 @@ For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Sc
<!--ADMXBacked-->
ADMX Info:
- GP English name: *SSL Cipher Suite Order*
- GP name: *Functions*
- GP name: *SSLCipherSuiteOrder*
- GP path: *Network/SSL Configuration Settings*
- GP ADMX file name: *CipherSuiteOrder.admx*
@ -180,7 +180,7 @@ CertUtil.exe -DisplayEccCurve
<!--ADMXBacked-->
ADMX Info:
- GP English name: *ECC Curve Order*
- GP name: *EccCurves*
- GP name: *SSLCurveOrder*
- GP path: *Network/SSL Configuration Settings*
- GP ADMX file name: *CipherSuiteOrder.admx*

4
windows/client-management/mdm/policy-csp-admx-com.md
View File

@ -99,7 +99,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Download missing COM components*
- GP name: *COMClassStore*
- GP name: *AppMgmt_COM_SearchForCLSID_1*
- GP path: *System*
- GP ADMX file name: *COM.admx*
@ -174,7 +174,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Download missing COM components*
- GP name: *COMClassStore*
- GP name: *AppMgmt_COM_SearchForCLSID_2*
- GP path: *System*
- GP ADMX file name: *COM.admx*

4
windows/client-management/mdm/policy-csp-admx-digitallocker.md
View File

@ -96,7 +96,7 @@ If you disable or do not configure this setting, Digital Locker can be run.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow Digital Locker to run*
- GP name: *DoNotRunDigitalLocker*
- GP name: *Digitalx_DiableApplication_TitleText_1*
- GP path: *Windows Components/Digital Locker*
- GP ADMX file name: *DigitalLocker.admx*
@ -167,7 +167,7 @@ If you disable or do not configure this setting, Digital Locker can be run.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow Digital Locker to run*
- GP name: *DoNotRunDigitalLocker*
- GP name: *Digitalx_DiableApplication_TitleText_2*
- GP path: *Windows Components/Digital Locker*
- GP ADMX file name: *DigitalLocker.admx*

12
windows/client-management/mdm/policy-csp-admx-dwm.md
View File

@ -109,7 +109,7 @@ If you disable or do not configure this policy setting, the default internal col
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify a default color*
- GP name: *DefaultColorizationColorState*
- GP name: *DwmDefaultColorizationColor_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*
@ -182,7 +182,7 @@ If you disable or do not configure this policy setting, the default internal col
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify a default color*
- GP name: *DefaultColorizationColorState*
- GP name: *DwmDefaultColorizationColor_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*
@ -253,7 +253,7 @@ Changing this policy setting requires a logoff for it to be applied.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow window animations*
- GP name: *DisallowAnimations*
- GP name: *DwmDisallowAnimations_1*
- GP path: *Windows Components/Desktop Window Manager*
- GP ADMX file name: *DWM.admx*
@ -324,7 +324,7 @@ Changing this policy setting requires a logoff for it to be applied.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow window animations*
- GP name: *DisallowAnimations*
- GP name: *DwmDisallowAnimations_2*
- GP path: *Windows Components/Desktop Window Manager*
- GP ADMX file name: *DWM.admx*
@ -396,7 +396,7 @@ If you disable or do not configure this policy setting, you allow users to chang
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow color changes*
- GP name: *DisallowColorizationColorChanges*
- GP name: *DwmDisallowColorizationColorChanges_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*
@ -468,7 +468,7 @@ If you disable or do not configure this policy setting, you allow users to chang
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow color changes*
- GP name: *DisallowColorizationColorChanges*
- GP name: *DwmDisallowColorizationColorChanges_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
- GP ADMX file name: *DWM.admx*

2
windows/client-management/mdm/policy-csp-admx-eventforwarding.md
View File

@ -97,7 +97,7 @@ This setting applies across all subscriptions for the forwarder (source computer
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure forwarder resource usage*
- GP name: *MaxForwardingRate*
- GP name: *ForwarderResourceUsage*
- GP path: *Windows Components/Event Forwarding*
- GP ADMX file name: *EventForwarding.admx*

2
windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
View File

@ -94,7 +94,7 @@ By default, the RPC protocol message between File Server VSS provider and File S
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.*
- GP name: *EncryptProtocol*
- GP name: *Pol_EncryptProtocol*
- GP path: *System/File Share Shadow Copy Provider*
- GP ADMX file name: *FileServerVSSProvider.admx*

12
windows/client-management/mdm/policy-csp-admx-filesys.md
View File

@ -106,7 +106,7 @@ Available in Windows 10 Insider Preview Build 20185. Compression can add to the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow compression on all NTFS volumes*
- GP name: *NtfsDisableCompression*
- GP name: *DisableCompression*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -237,7 +237,7 @@ Available in Windows 10 Insider Preview Build 20185. Encryption can add to the p
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not allow encryption on all NTFS volumes*
- GP name: *NtfsDisableEncryption*
- GP name: *DisableEncryption*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -300,7 +300,7 @@ Available in Windows 10 Insider Preview Build 20185. Encrypting the page file pr
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable NTFS pagefile encryption*
- GP name: *NtfsEncryptPagingFile*
- GP name: *EnablePagefileEncryption*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -428,7 +428,7 @@ If you enable short names on all volumes then short names will always be generat
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Short name creation options*
- GP name: *NtfsDisable8dot3NameCreation*
- GP name: *ShortNameCreationSettings*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*
@ -502,7 +502,7 @@ For more information, refer to the Windows Help section.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Selectively allow the evaluation of a symbolic link*
- GP name: *SymlinkLocalToLocalEvaluation*
- GP name: *SymlinkEvaluation*
- GP path: *System/Filesystem*
- GP ADMX file name: *FileSys.admx*
@ -565,7 +565,7 @@ Available in Windows 10 Insider Preview Build 20185. TXF deprecated features inc
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable / disable TXF deprecated features*
- GP name: *NtfsEnableTxfDeprecatedFunctionality*
- GP name: *TxfDeprecatedFunctionality*
- GP path: *System/Filesystem/NTFS*
- GP ADMX file name: *FileSys.admx*

8
windows/client-management/mdm/policy-csp-admx-folderredirection.md
View File

@ -329,7 +329,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths*
- GP name: *LocalizeXPRelativePaths_1*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*
@ -401,7 +401,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths*
- GP name: *LocalizeXPRelativePaths_2*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*
@ -474,7 +474,7 @@ If you disable or do not configure this policy setting and the user has redirect
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputerEnabledFR*
- GP name: *PrimaryComputer_FR_1*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*
@ -547,7 +547,7 @@ If you disable or do not configure this policy setting and the user has redirect
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputerEnabledFR*
- GP name: *PrimaryComputer_FR_2*
- GP path: *System/Folder Redirection*
- GP ADMX file name: *FolderRedirection.admx*

6
windows/client-management/mdm/policy-csp-admx-help.md
View File

@ -185,7 +185,7 @@ For additional options, see the "Restrict these programs from being launched fro
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict potentially unsafe HTML Help functions to specified folders*
- GP name: *HelpQualifiedRootDir*
- GP name: *HelpQualifiedRootDir_Comp*
- GP path: *System*
- GP ADMX file name: *Help.admx*
@ -259,7 +259,7 @@ If you disable or do not configure this policy setting, users can run all applic
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict these programs from being launched from Help*
- GP name: *DisableInHelp*
- GP name: *RestrictRunFromHelp*
- GP path: *System*
- GP ADMX file name: *Help.admx*
@ -332,7 +332,7 @@ If you disable or do not configure this policy setting, users can run all applic
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict these programs from being launched from Help*
- GP name: *DisableInHelp*
- GP name: *RestrictRunFromHelp_Comp*
- GP path: *System*
- GP ADMX file name: *Help.admx*

8
windows/client-management/mdm/policy-csp-admx-helpandsupport.md
View File

@ -100,7 +100,7 @@ If you disable or do not configure this policy setting, the default behavior app
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Active Help*
- GP name: *NoActiveHelp*
- GP name: *ActiveHelp*
- GP path: *Windows Components/Online Assistance*
- GP ADMX file name: *HelpAndSupport.admx*
@ -171,7 +171,7 @@ Users can use the control to provide feedback on the quality and usefulness of t
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Help Ratings*
- GP name: *NoExplicitFeedback*
- GP name: *HPExplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
- GP ADMX file name: *HelpAndSupport.admx*
@ -239,7 +239,7 @@ If you disable or do not configure this policy setting, users can turn on the He
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Help Experience Improvement Program*
- GP name: *NoImplicitFeedback*
- GP name: *HPImplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
- GP ADMX file name: *HelpAndSupport.admx*
@ -308,7 +308,7 @@ If you disable or do not configure this policy setting, users can access online
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off Windows Online*
- GP name: *NoOnlineAssist*
- GP name: *HPOnlineAssistance*
- GP path: *System/Internet Communication Management/Internet Communication settings*
- GP ADMX file name: *HelpAndSupport.admx*

8
windows/client-management/mdm/policy-csp-admx-kdc.md
View File

@ -133,7 +133,7 @@ Impact on domain controller performance when this policy setting is enabled:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *KDC support for claims, compound authentication and Kerberos armoring*
- GP name: *EnableCbacAndArmor*
- GP name: *CbacAndArmor*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*
@ -204,7 +204,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use forest search order*
- GP name: *UseForestSearch*
- GP name: *ForestSearch*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*
@ -420,7 +420,7 @@ If you disable or do not configure this policy setting, the threshold value defa
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Warning for large Kerberos tickets*
- GP name: *EnableTicketSizeThreshold*
- GP name: *TicketSizeThreshold*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*
@ -494,7 +494,7 @@ If you disable or do not configure this policy setting, the domain controller do
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Provide information about previous logons to client computers*
- GP name: *EmitLILI*
- GP name: *emitlili*
- GP path: *System/KDC*
- GP ADMX file name: *kdc.admx*

8
windows/client-management/mdm/policy-csp-admx-lanmanserver.md
View File

@ -116,7 +116,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Cipher suite order*
- GP name: *CipherSuiteOrder*
- GP name: *Pol_CipherSuiteOrder*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*
@ -199,7 +199,7 @@ In circumstances where this policy setting is enabled, you can also select the f
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Hash Publication for BranchCache*
- GP name: *HashPublicationForPeerCaching*
- GP name: *Pol_HashPublication*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*
@ -286,7 +286,7 @@ Hash version supported:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Hash Version support for BranchCache*
- GP name: *HashSupportVersion*
- GP name: *Pol_HashSupportVersion*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*
@ -358,7 +358,7 @@ If you disable or do not configure this policy setting, the SMB server will sele
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Honor cipher suite order*
- GP name: *HonorCipherSuiteOrder*
- GP name: *Pol_HonorCipherSuiteOrder*
- GP path: *Network/Lanman Server*
- GP ADMX file name: *LanmanServer.admx*

4
windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
View File

@ -96,7 +96,7 @@ If you disable or do not configure this policy setting, the default behavior of
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Mapper I/O (LLTDIO) driver*
- GP name: *EnableLLTDIO*
- GP name: *LLTD_EnableLLTDIO*
- GP path: *Network/Link-Layer Topology Discovery*
- GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
@ -167,7 +167,7 @@ If you disable or do not configure this policy setting, the default behavior for
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Responder (RSPNDR) driver*
- GP name: *EnableRspndr*
- GP name: *LLTD_EnableRspndr*
- GP path: *Network/Link-Layer Topology Discovery*
- GP ADMX file name: *LinkLayerTopologyDiscovery.admx*

10
windows/client-management/mdm/policy-csp-admx-mmc.md
View File

@ -113,7 +113,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *ActiveX Control*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveXControl*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMC.admx*
@ -192,7 +192,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Extended View (Web View)*
- GP name: *Restrict_Run*
- GP name: *MMC_ExtendView*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMC.admx*
@ -271,7 +271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Link to Web Address*
- GP name: *Restrict_Run*
- GP name: *MMC_LinkToWeb*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMC.admx*
@ -344,7 +344,7 @@ If you disable this setting or do not configure it, users can enter author mode
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict the user from entering author mode*
- GP name: *RestrictAuthorMode*
- GP name: *MMC_Restrict_Author*
- GP path: *Windows Components\Microsoft Management Console*
- GP ADMX file name: *MMC.admx*
@ -422,7 +422,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Restrict users to the explicitly permitted list of snap-ins*
- GP name: *RestrictToPermittedSnapins*
- GP name: *MMC_Restrict_To_Permitted_Snapins*
- GP path: *Windows Components\Microsoft Management Console*
- GP ADMX file name: *MMC.admx*

210
windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
View File

@ -408,7 +408,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -485,7 +485,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -563,7 +563,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -641,7 +641,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Administrative Templates (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_ADMUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -719,7 +719,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *ADSI Edit*
- GP name: *Restrict_Run*
- GP name: *MMC_ADSI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -797,7 +797,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Active Directory Domains and Trusts*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveDirDomTrusts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -875,7 +875,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Active Directory Sites and Services*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveDirSitesServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -953,7 +953,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Active Directory Users and Computers*
- GP name: *Restrict_Run*
- GP name: *MMC_ActiveDirUsersComp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1031,7 +1031,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *AppleTalk Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_AppleTalkRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1109,7 +1109,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Authorization Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_AuthMan*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1187,7 +1187,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certification Authority*
- GP name: *Restrict_Run*
- GP name: *MMC_CertAuth*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1264,7 +1264,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certification Authority Policy Settings*
- GP name: *Restrict_Run*
- GP name: *MMC_CertAuthPolSet*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1341,7 +1341,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certificates*
- GP name: *Restrict_Run*
- GP name: *MMC_Certs*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1418,7 +1418,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Certificate Templates*
- GP name: *Restrict_Run*
- GP name: *MMC_CertsTemplate*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1495,7 +1495,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Component Services*
- GP name: *Restrict_Run*
- GP name: *MMC_ComponentServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1572,7 +1572,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Computer Management*
- GP name: *Restrict_Run*
- GP name: *MMC_ComputerManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1649,7 +1649,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Connection Sharing (NAT)*
- GP name: *Restrict_Run*
- GP name: *MMC_ConnectionSharingNAT*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1726,7 +1726,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *DCOM Configuration Extension*
- GP name: *Restrict_Run*
- GP name: *MMC_DCOMCFG*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1803,7 +1803,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Distributed File System*
- GP name: *Restrict_Run*
- GP name: *MMC_DFS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1880,7 +1880,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *DHCP Relay Management*
- GP name: *Restrict_Run*
- GP name: *MMC_DHCPRelayMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -1957,7 +1957,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Device Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_DeviceManager_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2034,7 +2034,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Device Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_DeviceManager_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2111,7 +2111,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Disk Defragmenter*
- GP name: *Restrict_Run*
- GP name: *MMC_DiskDefrag*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2188,7 +2188,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Disk Management*
- GP name: *Restrict_Run*
- GP name: *MMC_DiskMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2265,7 +2265,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enterprise PKI*
- GP name: *Restrict_Run*
- GP name: *MMC_EnterprisePKI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2342,7 +2342,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2419,7 +2419,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer (Windows Vista)*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2496,7 +2496,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_3*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2573,7 +2573,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer (Windows Vista)*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_4*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2651,7 +2651,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event Viewer (Windows Vista)*
- GP name: *Restrict_Run*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2728,7 +2728,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *FAX Service*
- GP name: *Restrict_Run*
- GP name: *MMC_FAXService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2805,7 +2805,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Failover Clusters Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_FailoverClusters*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -2882,7 +2882,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Folder Redirection*
- GP name: *Restrict_Run*
- GP name: *MMC_FolderRedirection_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -2959,7 +2959,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Folder Redirection*
- GP name: *Restrict_Run*
- GP name: *MMC_FolderRedirection_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -3036,7 +3036,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *FrontPage Server Extensions*
- GP name: *Restrict_Run*
- GP name: *MMC_FrontPageExt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3113,7 +3113,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Group Policy Management*
- GP name: *Restrict_Run*
- GP name: *MMC_GroupPolicyManagementSnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -3190,7 +3190,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Group Policy Object Editor*
- GP name: *Restrict_Run*
- GP name: *MMC_GroupPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -3269,7 +3269,7 @@ When the Group Policy tab is inaccessible, it does not appear in the site, domai
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Group Policy tab for Active Directory Tools*
- GP name: *Restrict_Run*
- GP name: *MMC_GroupPolicyTab*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -3346,7 +3346,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Health Registration Authority (HRA)*
- GP name: *Restrict_Run*
- GP name: *MMC_HRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3423,7 +3423,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Authentication Service (IAS)*
- GP name: *Restrict_Run*
- GP name: *MMC_IAS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3500,7 +3500,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IAS Logging*
- GP name: *Restrict_Run*
- GP name: *MMC_IASLogging*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3577,7 +3577,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Explorer Maintenance*
- GP name: *Restrict_Run*
- GP name: *MMC_IEMaintenance_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -3654,7 +3654,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Explorer Maintenance*
- GP name: *Restrict_Run*
- GP name: *MMC_IEMaintenance_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -3731,7 +3731,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IGMP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IGMPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3808,7 +3808,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Internet Information Services*
- GP name: *Restrict_Run*
- GP name: *MMC_IIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3885,7 +3885,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -3962,7 +3962,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Security Policy Management*
- GP name: *Restrict_Run*
- GP name: *MMC_IPSecManage_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -4039,7 +4039,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPX RIP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPXRIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4116,7 +4116,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPX Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPXRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4193,7 +4193,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPX SAP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_IPXSAPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4270,7 +4270,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Indexing Service*
- GP name: *Restrict_Run*
- GP name: *MMC_IndexingService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4347,7 +4347,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Security Policy Management*
- GP name: *Restrict_Run*
- GP name: *MMC_IpSecManage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4424,7 +4424,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IP Security Monitor*
- GP name: *Restrict_Run*
- GP name: *MMC_IpSecMonitor*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4501,7 +4501,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Local Users and Groups*
- GP name: *Restrict_Run*
- GP name: *MMC_LocalUsersGroups*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4578,7 +4578,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Logical and Mapped Drives*
- GP name: *Restrict_Run*
- GP name: *MMC_LogicalMappedDrives*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4655,7 +4655,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Network Policy Server (NPS)*
- GP name: *Restrict_Run*
- GP name: *MMC_NPSUI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4732,7 +4732,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *NAP Client Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_NapSnap*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4809,7 +4809,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *NAP Client Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_NapSnap_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -4886,7 +4886,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *.Net Framework Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_Net_Framework*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -4963,7 +4963,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Online Responder*
- GP name: *Restrict_Run*
- GP name: *MMC_OCSP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5040,7 +5040,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *OSPF Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_OSPFRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5117,7 +5117,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Performance Logs and Alerts*
- GP name: *Restrict_Run*
- GP name: *MMC_PerfLogsAlerts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5194,7 +5194,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Public Key Policies*
- GP name: *Restrict_Run*
- GP name: *MMC_PublicKey*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5271,7 +5271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *QoS Admission Control*
- GP name: *Restrict_Run*
- GP name: *MMC_QoSAdmission*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5348,7 +5348,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *RAS Dialin - User Node*
- GP name: *Restrict_Run*
- GP name: *MMC_RAS_DialinUser*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5425,7 +5425,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *RIP Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_RIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5502,7 +5502,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Installation Services*
- GP name: *Restrict_Run*
- GP name: *MMC_RIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -5579,7 +5579,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Routing and Remote Access*
- GP name: *Restrict_Run*
- GP name: *MMC_RRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5656,7 +5656,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Removable Storage Management*
- GP name: *Restrict_Run*
- GP name: *MMC_RSM*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5733,7 +5733,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Removable Storage*
- GP name: *Restrict_Run*
- GP name: *MMC_RemStore*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5810,7 +5810,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Access*
- GP name: *Restrict_Run*
- GP name: *MMC_RemoteAccess*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5887,7 +5887,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Desktops*
- GP name: *Restrict_Run*
- GP name: *MMC_RemoteDesktop*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -5964,7 +5964,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Resultant Set of Policy snap-in*
- GP name: *Restrict_Run*
- GP name: *MMC_ResultantSetOfPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
- GP ADMX file name: *MMCSnapins.admx*
@ -6041,7 +6041,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Routing*
- GP name: *Restrict_Run*
- GP name: *MMC_Routing*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6118,7 +6118,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Configuration and Analysis*
- GP name: *Restrict_Run*
- GP name: *MMC_SCA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6195,7 +6195,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *SMTP Protocol*
- GP name: *Restrict_Run*
- GP name: *MMC_SMTPProtocol*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6272,7 +6272,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *SNMP*
- GP name: *Restrict_Run*
- GP name: *MMC_SNMP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6349,7 +6349,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Startup/Shutdown)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsMachine_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6426,7 +6426,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Startup/Shutdown)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsMachine_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6503,7 +6503,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Logon/Logoff)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsUser_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6580,7 +6580,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Scripts (Logon/Logoff)*
- GP name: *Restrict_Run*
- GP name: *MMC_ScriptsUser_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6657,7 +6657,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Settings*
- GP name: *Restrict_Run*
- GP name: *MMC_SecuritySettings_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6734,7 +6734,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Settings*
- GP name: *Restrict_Run*
- GP name: *MMC_SecuritySettings_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -6811,7 +6811,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Security Templates*
- GP name: *Restrict_Run*
- GP name: *MMC_SecurityTemplates*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6888,7 +6888,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Send Console Message*
- GP name: *Restrict_Run*
- GP name: *MMC_SendConsoleMessage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -6965,7 +6965,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Server Manager*
- GP name: *Restrict_Run*
- GP name: *MMC_ServerManager*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7042,7 +7042,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Service Dependencies*
- GP name: *Restrict_Run*
- GP name: *MMC_ServiceDependencies*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7119,7 +7119,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Services*
- GP name: *Restrict_Run*
- GP name: *MMC_Services*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7196,7 +7196,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Shared Folders*
- GP name: *Restrict_Run*
- GP name: *MMC_SharedFolders*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7273,7 +7273,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Shared Folders Ext*
- GP name: *Restrict_Run*
- GP name: *MMC_SharedFolders_Ext*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7350,7 +7350,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstalationComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7427,7 +7427,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Computers)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstalationComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7504,7 +7504,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstallationUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7581,7 +7581,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Software Installation (Users)*
- GP name: *Restrict_Run*
- GP name: *MMC_SoftwareInstallationUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -7658,7 +7658,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *System Information*
- GP name: *Restrict_Run*
- GP name: *MMC_SysInfo*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7735,7 +7735,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *System Properties*
- GP name: *Restrict_Run*
- GP name: *MMC_SysProp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7812,7 +7812,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *TPM Management*
- GP name: *Restrict_Run*
- GP name: *MMC_TPMManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7889,7 +7889,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Telephony*
- GP name: *Restrict_Run*
- GP name: *MMC_Telephony*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -7966,7 +7966,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remote Desktop Services Configuration*
- GP name: *Restrict_Run*
- GP name: *MMC_TerminalServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8043,7 +8043,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *WMI Control*
- GP name: *Restrict_Run*
- GP name: *MMC_WMI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8120,7 +8120,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Windows Firewall with Advanced Security*
- GP name: *Restrict_Run*
- GP name: *MMC_WindowsFirewall*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8197,7 +8197,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Windows Firewall with Advanced Security*
- GP name: *Restrict_Run*
- GP name: *MMC_WindowsFirewall_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -8274,7 +8274,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Wired Network (IEEE 802.3) Policies*
- GP name: *Restrict_Run*
- GP name: *MMC_WiredNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*
@ -8351,7 +8351,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Wireless Monitor*
- GP name: *Restrict_Run*
- GP name: *MMC_WirelessMon*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
- GP ADMX file name: *MMCSnapins.admx*
@ -8428,7 +8428,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Wireless Network (IEEE 802.11) Policies*
- GP name: *Restrict_Run*
- GP name: *MMC_WirelessNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
- GP ADMX file name: *MMCSnapins.admx*

2
windows/client-management/mdm/policy-csp-admx-msapolicy.md
View File

@ -93,7 +93,7 @@ By default, this setting is Disabled. This setting does not affect whether users
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Block all consumer Microsoft account user authentication*
- GP name: *DisableUserAuth*
- GP name: *MicrosoftAccount_DisableUserAuth*
- GP path: *Windows Components\Microsoft account*
- GP ADMX file name: *MSAPolicy.admx*

8
windows/client-management/mdm/policy-csp-admx-nca.md
View File

@ -122,7 +122,7 @@ You must configure this setting to have complete NCA functionality.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Corporate Resources*
- GP name: *Probe*
- GP name: *CorporateResources*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*
@ -187,7 +187,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting specifi
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Custom Commands*
- GP name: *CustomCommand*
- GP name: *CustomCommands*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*
@ -258,7 +258,7 @@ You must configure this setting to have complete NCA functionality.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *IPsec Tunnel Endpoints*
- GP name: *DTE*
- GP name: *DTEs*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*
@ -401,7 +401,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prefer Local Names Allowed*
- GP name: *NamePreferenceAllowed*
- GP name: *LocalNamesOn*
- GP path: *Network\DirectAccess Client Experience Settings*
- GP ADMX file name: *nca.admx*

14
windows/client-management/mdm/policy-csp-admx-ncsi.md
View File

@ -105,7 +105,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enable
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate DNS probe host address*
- GP name: *DnsProbeContent*
- GP name: *NCSI_CorpDnsProbeContent*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -170,7 +170,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate DNS probe host name*
- GP name: *DnsProbeHost*
- GP name: *NCSI_CorpDnsProbeHost*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -235,7 +235,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate site prefix list*
- GP name: *SitePrefixes*
- GP name: *NCSI_CorpSitePrefixes*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -300,7 +300,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify corporate Website probe URL*
- GP name: *WebProbeUrl*
- GP name: *NCSI_CorpWebProbeUrl*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -368,7 +368,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify domain location determination URL*
- GP name: *DomainLocationDeterminationUrl*
- GP name: *NCSI_DomainLocationDeterminationUrl*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -433,7 +433,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify global DNS*
- GP name: *UseGlobalDns*
- GP name: *NCSI_GlobalDns*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*
@ -498,7 +498,7 @@ Available in Windows 10 Insider Preview Build 20185. This Policy setting enables
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify passive polling*
- GP name: *DisablePassivePolling*
- GP name: *NCSI_PassivePolling*
- GP path: *Network\Network Connectivity Status Indicator*
- GP ADMX file name: *NCSI.admx*

70
windows/client-management/mdm/policy-csp-admx-netlogon.md
View File

@ -201,7 +201,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify address lookup behavior for DC locator ping*
- GP name: *AddressLookupOnPingBehavior*
- GP name: *Netlogon_AddressLookupOnPingBehavior*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -274,7 +274,7 @@ If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Return domain controller address type*
- GP name: *AddressTypeReturned*
- GP name: *Netlogon_AddressTypeReturned*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -347,7 +347,7 @@ If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.*
- GP name: *AllowDnsSuffixSearch*
- GP name: *Netlogon_AllowDnsSuffixSearch*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -422,7 +422,7 @@ If you do not configure this policy setting, Net Logon will not allow the negoti
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow cryptography algorithms compatible with Windows NT 4.0*
- GP name: *AllowNT4Crypto*
- GP name: *Netlogon_AllowNT4Crypto*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -497,7 +497,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC*
- GP name: *AllowSingleLabelDnsDomain*
- GP name: *Netlogon_AllowSingleLabelDnsDomain*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -570,7 +570,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use automated site coverage by the DC Locator DNS SRV Records*
- GP name: *AutoSiteCoverage*
- GP name: *Netlogon_AutoSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -646,7 +646,7 @@ If you disable this policy setting, the DC location algorithm can use NetBIOS-ba
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails*
- GP name: *AvoidFallbackNetbiosDiscovery*
- GP name: *Netlogon_AvoidFallbackNetbiosDiscovery*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -721,7 +721,7 @@ If you do not configure this policy setting, it is not applied to any DCs.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Contact PDC on logon failure*
- GP name: *AvoidPdcOnWan*
- GP name: *Netlogon_AvoidPdcOnWan*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -799,7 +799,7 @@ If the value of this setting is less than the value specified in the NegativeCac
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use initial DC discovery retry setting for background callers*
- GP name: *BackgroundRetryInitialPeriod*
- GP name: *Netlogon_BackgroundRetryInitialPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -879,7 +879,7 @@ If the value for this setting is too small and the DC is not available, the freq
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use maximum DC discovery retry interval setting for background callers*
- GP name: *BackgroundRetryMaximumPeriod*
- GP name: *Netlogon_BackgroundRetryMaximumPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -951,7 +951,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use final DC discovery retry setting for background callers*
- GP name: *BackgroundRetryQuitTime*
- GP name: *Netlogon_BackgroundRetryQuitTime*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1018,7 +1018,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting determi
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use positive periodic DC cache refresh for background callers*
- GP name: *BackgroundSuccessfulRefreshPeriod*
- GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1093,7 +1093,7 @@ If you disable this policy setting or do not configure it, the default behavior
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify log file debug output level*
- GP name: *dbFlag*
- GP name: *Netlogon_DebugFlag*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1192,7 +1192,7 @@ If you do not configure this policy setting, DCs use their local configuration.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify DC Locator DNS records not registered by the DCs*
- GP name: *DnsAvoidRegisterRecords*
- GP name: *Netlogon_DnsAvoidRegisterRecords*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1268,7 +1268,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify Refresh Interval of the DC Locator DNS records*
- GP name: *DnsRefreshInterval*
- GP name: *Netlogon_DnsRefreshInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1344,7 +1344,7 @@ A reboot is not required for changes to this setting to take effect.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use lowercase DNS host names when registering domain controller SRV records*
- GP name: *DnsSrvRecordUseLowerCaseHostNames*
- GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1414,7 +1414,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set TTL in the DC Locator DNS Records*
- GP name: *DnsTtl*
- GP name: *Netlogon_DnsTtl*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1485,7 +1485,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify expected dial-up delay on logon*
- GP name: *ExpectedDialupDelay*
- GP name: *Netlogon_ExpectedDialupDelay*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1560,7 +1560,7 @@ If you do not configure this policy setting, Force Rediscovery will be used by d
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Force Rediscovery Interval*
- GP name: *ForceRediscoveryInterval*
- GP name: *Netlogon_ForceRediscoveryInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1633,7 +1633,7 @@ If you do not configure this policy setting, it is not applied to any GCs, and G
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify sites covered by the GC Locator DNS SRV Records*
- GP name: *GcSiteCoverage*
- GP name: *Netlogon_GcSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1709,7 +1709,7 @@ If you disable or do not configure this policy setting, this DC processes incomi
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names*
- GP name: *IgnoreIncomingMailslotMessages*
- GP name: *Netlogon_IgnoreIncomingMailslotMessages*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1782,7 +1782,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Priority in the DC Locator DNS SRV records*
- GP name: *LdapSrvPriority*
- GP name: *Netlogon_LdapSrvPriority*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1855,7 +1855,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Weight in the DC Locator DNS SRV records*
- GP name: *LdapSrvWeight*
- GP name: *Netlogon_LdapSrvWeight*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -1926,7 +1926,7 @@ If you disable or do not configure this policy setting, the default behavior occ
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify maximum log file size*
- GP name: *MaximumLogFileSize*
- GP name: *Netlogon_MaximumLogFileSize*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -1999,7 +1999,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify sites covered by the application directory partition DC Locator DNS SRV records*
- GP name: *NdncSiteCoverage*
- GP name: *Netlogon_NdncSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -2071,7 +2071,7 @@ The default value for this setting is 45 seconds. The maximum value for this set
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify negative DC Discovery cache setting*
- GP name: *NegativeCachePeriod*
- GP name: *Netlogon_NegativeCachePeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2149,7 +2149,7 @@ If you enable this policy setting, domain administrators should ensure that the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Netlogon share compatibility*
- GP name: *AllowExclusiveScriptsShareAccess*
- GP name: *Netlogon_NetlogonShareCompatibilityMode*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2218,7 +2218,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify positive periodic DC Cache refresh for non-background callers*
- GP name: *NonBackgroundSuccessfulRefreshPeriod*
- GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2296,7 +2296,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Use urgent mode when pinging domain controllers*
- GP name: *PingUrgencyMode*
- GP name: *Netlogon_PingUrgencyMode*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2373,7 +2373,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set scavenge interval*
- GP name: *ScavengeInterval*
- GP name: *Netlogon_ScavengeInterval*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2446,7 +2446,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify sites covered by the DC Locator DNS SRV records*
- GP name: *SiteCoverage*
- GP name: *Netlogon_SiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -2519,7 +2519,7 @@ If you do not configure this policy setting, it is not applied to any computers,
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify site name*
- GP name: *SiteName*
- GP name: *Netlogon_SiteName*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2597,7 +2597,7 @@ If you enable this policy setting, domain administrators should ensure that the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set SYSVOL share compatibility*
- GP name: *AllowExclusiveSysvolShareAccess*
- GP name: *Netlogon_SysvolShareCompatibilityMode*
- GP path: *System\Net Logon*
- GP ADMX file name: *Netlogon.admx*
@ -2672,7 +2672,7 @@ If you do not configure this policy setting, Try Next Closest Site DC Location w
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Try Next Closest Site*
- GP name: *TryNextClosestSite*
- GP name: *Netlogon_TryNextClosestSite*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*
@ -2745,7 +2745,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify dynamic registration of the DC Locator DNS Records*
- GP name: *UseDynamicDns*
- GP name: *Netlogon_UseDynamicDns*
- GP path: *System\Net Logon\DC Locator DNS Records*
- GP ADMX file name: *Netlogon.admx*

94
windows/client-management/mdm/policy-csp-admx-offlinefiles.md
View File

@ -228,7 +228,7 @@ If you disable this setting or do not configure it, the system asks users whethe
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Subfolders always available offline*
- GP name: *AlwaysPinSubFolders*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -302,7 +302,7 @@ If you do not configure this policy setting, no files or folders are made availa
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify administratively assigned Offline Files*
- GP name: *AssignedOfflineFolders*
- GP name: *Pol_AssignedOfflineFiles_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -376,7 +376,7 @@ If you do not configure this policy setting, no files or folders are made availa
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify administratively assigned Offline Files*
- GP name: *AssignedOfflineFolders*
- GP name: *Pol_AssignedOfflineFiles_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -447,7 +447,7 @@ If you disable or do not configure this policy setting, Windows performs a backg
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Background Sync*
- GP name: *BackgroundSyncEnabled*
- GP name: *Pol_BackgroundSyncSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -528,7 +528,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Limit disk space used by Offline Files*
- GP name: *CacheQuotaLimitUnpinned*
- GP name: *Pol_CacheSize*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -612,7 +612,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_CustomGoOfflineActions_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -696,7 +696,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_CustomGoOfflineActions_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -776,7 +776,7 @@ If you do not configure this setting, disk space for automatically cached files
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Default cache size*
- GP name: *DefCacheSize*
- GP name: *Pol_DefCacheSize*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -850,7 +850,7 @@ If you do not configure this policy setting, Offline Files is enabled on Windows
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow or Disallow use of the Offline Files feature*
- GP name: *Enabled*
- GP name: *Pol_Enabled*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -927,7 +927,7 @@ This setting is applied at user logon. If this setting is changed after user log
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Encrypt the Offline Files cache*
- GP name: *EncryptCache*
- GP name: *Pol_EncryptOfflineFiles*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1007,7 +1007,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event logging level*
- GP name: *EventLoggingLevel*
- GP name: *Pol_EventLoggingLevel_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1087,7 +1087,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Event logging level*
- GP name: *EventLoggingLevel*
- GP name: *Pol_EventLoggingLevel_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1156,7 +1156,7 @@ If you disable or do not configure this policy setting, a user can create a file
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable file screens*
- GP name: *ExcludedFileTypes*
- GP name: *Pol_ExclusionListSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1230,7 +1230,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Files not cached*
- GP name: *ExcludeExtensions*
- GP name: *Pol_ExtExclusionList*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1314,7 +1314,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_GoOfflineAction_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1398,7 +1398,7 @@ Also, see the "Non-default server disconnect actions" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Action on server disconnect*
- GP name: *GoOfflineAction*
- GP name: *Pol_GoOfflineAction_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1472,7 +1472,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent use of Offline Files folder*
- GP name: *NoCacheViewer*
- GP name: *Pol_NoCacheViewer_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1546,7 +1546,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent use of Offline Files folder*
- GP name: *NoCacheViewer*
- GP name: *Pol_NoCacheViewer_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1620,7 +1620,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prohibit user configuration of Offline Files*
- GP name: *NoConfigCache*
- GP name: *Pol_NoConfigCache_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1694,7 +1694,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prohibit user configuration of Offline Files*
- GP name: *NoConfigCache*
- GP name: *Pol_NoConfigCache_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1767,7 +1767,7 @@ If you disable or do not configure this policy setting, users can manually speci
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" command*
- GP name: *NoMakeAvailableOffline*
- GP name: *Pol_NoMakeAvailableOffline_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1840,7 +1840,7 @@ If you disable or do not configure this policy setting, users can manually speci
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" command*
- GP name: *NoMakeAvailableOffline*
- GP name: *Pol_NoMakeAvailableOffline_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1917,7 +1917,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" for these files and folders*
- GP name: *NoMakeAvailableOfflineList*
- GP name: *Pol_NoPinFiles_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -1994,7 +1994,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Make Available Offline" for these files and folders*
- GP name: *NoMakeAvailableOfflineList*
- GP name: *Pol_NoPinFiles_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2074,7 +2074,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off reminder balloons*
- GP name: *NoReminders*
- GP name: *Pol_NoReminders_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2154,7 +2154,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off reminder balloons*
- GP name: *NoReminders*
- GP name: *Pol_NoReminders_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2227,7 +2227,7 @@ If you disable or do not configure this policy setting, remote files will be not
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Transparent Caching*
- GP name: *OnlineCachingLatencyThreshold*
- GP name: *Pol_OnlineCachingSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2298,7 +2298,7 @@ If you disable this setting or do not configure it, the system asks users whethe
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Subfolders always available offline*
- GP name: *AlwaysPinSubFolders*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2370,7 +2370,7 @@ If you disable this setting or do not configure it, automatically and manually c
<!--ADMXBacked-->
ADMX Info:
- GP English name: *At logoff, delete local copy of users offline files*
- GP name: *PurgeOnlyAutoCacheAtLogoff*
- GP name: *Pol_PurgeAtLogoff*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2439,7 +2439,7 @@ If you disable this policy setting, all administratively assigned folders are sy
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on economical application of administratively assigned Offline Files*
- GP name: *EconomicalAdminPinning*
- GP name: *Pol_QuickAdimPin*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2513,7 +2513,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon frequency*
- GP name: *ReminderFreqMinutes*
- GP name: *Pol_ReminderFreq_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2587,7 +2587,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon frequency*
- GP name: *ReminderFreqMinutes*
- GP name: *Pol_ReminderFreq_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2656,7 +2656,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Initial reminder balloon lifetime*
- GP name: *InitialBalloonTimeoutSeconds*
- GP name: *Pol_ReminderInitTimeout_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2725,7 +2725,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Initial reminder balloon lifetime*
- GP name: *InitialBalloonTimeoutSeconds*
- GP name: *Pol_ReminderInitTimeout_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2794,7 +2794,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon lifetime*
- GP name: *ReminderBalloonTimeoutSeconds*
- GP name: *Pol_ReminderTimeout_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2863,7 +2863,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Reminder balloon lifetime*
- GP name: *ReminderBalloonTimeoutSeconds*
- GP name: *Pol_ReminderTimeout_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -2942,7 +2942,7 @@ If you disable this policy setting, computers will not use the slow-link mode.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure slow-link mode*
- GP name: *SlowLinkEnabled*
- GP name: *Pol_SlowLinkSettings*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3016,7 +3016,7 @@ If this setting is disabled or not configured, the default threshold value of 64
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Slow link speed*
- GP name: *SlowLinkSpeed*
- GP name: *Pol_SlowLinkSpeed*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3094,7 +3094,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files before logging off*
- GP name: *SyncAtLogoff*
- GP name: *Pol_SyncAtLogoff_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3172,7 +3172,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files before logging off*
- GP name: *SyncAtLogoff*
- GP name: *Pol_SyncAtLogoff_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3250,7 +3250,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files when logging on*
- GP name: *SyncAtLogon*
- GP name: *Pol_SyncAtLogon_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3330,7 +3330,7 @@ This setting appears in the Computer Configuration and User Configuration folder
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize all offline files when logging on*
- GP name: *SyncAtLogon*
- GP name: *Pol_SyncAtLogon_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3402,7 +3402,7 @@ If you disable or do not configuring this setting, files are not synchronized wh
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize offline files before suspend*
- GP name: *SyncAtSuspend*
- GP name: *Pol_SyncAtSuspend_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3474,7 +3474,7 @@ If you disable or do not configuring this setting, files are not synchronized wh
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Synchronize offline files before suspend*
- GP name: *SyncAtSuspend*
- GP name: *Pol_SyncAtSuspend_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3543,7 +3543,7 @@ If this setting is disabled or not configured, synchronization will not run in t
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable file synchronization on costed networks*
- GP name: *SyncEnabledForCostedNetwork*
- GP name: *Pol_SyncOnCostedNetwork*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3612,7 +3612,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Work offline" command*
- GP name: *WorkOfflineDisabled*
- GP name: *Pol_WorkOfflineDisabled_1*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*
@ -3681,7 +3681,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Remove "Work offline" command*
- GP name: *WorkOfflineDisabled*
- GP name: *Pol_WorkOfflineDisabled_2*
- GP path: *Network\Offline Files*
- GP ADMX file name: *OfflineFiles.admx*

18
windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
View File

@ -125,7 +125,7 @@ Select one of the following:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on BranchCache*
- GP name: *Enable*
- GP name: *EnableWindowsBranchCache*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -203,7 +203,7 @@ Select one of the following:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set BranchCache Distributed Cache mode*
- GP name: *Enable*
- GP name: *EnableWindowsBranchCache_Distributed*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -287,7 +287,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set BranchCache Hosted Cache mode*
- GP name: *Location*
- GP name: *EnableWindowsBranchCache_Hosted*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -374,7 +374,7 @@ Select one of the following:
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Automatic Hosted Cache Discovery by Service Connection Point*
- GP name: *SCPDiscoveryEnabled*
- GP name: *EnableWindowsBranchCache_HostedCacheDiscovery*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -457,7 +457,7 @@ In circumstances where this setting is enabled, you can also select and configur
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Hosted Cache Servers*
- GP name: *MultipleServers*
- GP name: *EnableWindowsBranchCache_HostedMultipleServers*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -534,7 +534,7 @@ In circumstances where this policy setting is enabled, you can also select and c
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure BranchCache for network files*
- GP name: *PeerCachingLatencyThreshold*
- GP name: *EnableWindowsBranchCache_SMB*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -618,7 +618,7 @@ In circumstances where this setting is enabled, you can also select and configur
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set percentage of disk space used for client computer cache*
- GP name: *SizePercent*
- GP name: *SetCachePercent*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -699,7 +699,7 @@ In circumstances where this setting is enabled, you can also select and configur
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set age for segments in the data cache*
- GP name: *SegmentTTL*
- GP name: *SetDataCacheEntryMaxAge*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*
@ -783,7 +783,7 @@ Select from the following versions
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Client BranchCache Version Support*
- GP name: *PreferredContentInformationVersion*
- GP name: *SetDowngrading*
- GP path: *Network\BranchCache*
- GP ADMX file name: *PeerToPeerCaching.admx*

8
windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
View File

@ -108,7 +108,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_1*
- GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*
@ -185,7 +185,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_2*
- GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*
@ -262,7 +262,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_3*
- GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*
@ -339,7 +339,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Scenario Execution Level*
- GP name: *ScenarioExecutionEnabled*
- GP name: *WdiScenarioExecutionPolicy_4*
- GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics*
- GP ADMX file name: *PerformanceDiagnostics.admx*

8
windows/client-management/mdm/policy-csp-admx-reliability.md
View File

@ -105,7 +105,7 @@ If you do not configure this policy setting, the Persistent System Timestamp is
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Persistent Time Stamp*
- GP name: *TimeStampEnabled*
- GP name: *EE_EnablePersistentTimeStamp*
- GP path: *System*
- GP ADMX file name: *Reliability.admx*
@ -180,7 +180,7 @@ Also see the "Configure Error Reporting" policy setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Report unplanned shutdown events*
- GP name: *IncludeShutdownErrs*
- GP name: *PCH_ReportShutdownEvents*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
- GP ADMX file name: *Reliability.admx*
@ -258,7 +258,7 @@ If you do not configure this policy setting, the default behavior for the System
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Activate Shutdown Event Tracker System State Data feature*
- GP name: *SnapShot*
- GP name: *ShutdownEventTrackerStateFile*
- GP path: *System*
- GP ADMX file name: *Reliability.admx*
@ -338,7 +338,7 @@ If you do not configure this policy setting, the default behavior for the Shutdo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display Shutdown Event Tracker*
- GP name: *ShutdownReasonOn*
- GP name: *ShutdownReason*
- GP path: *System*
- GP ADMX file name: *Reliability.admx*

24
windows/client-management/mdm/policy-csp-admx-scripts.md
View File

@ -124,7 +124,7 @@ If you disable or do not configure this policy setting, user account cross-fores
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow logon scripts when NetBIOS or WINS is disabled*
- GP name: *Allow-LogonScript-NetbiosDisabled*
- GP name: *Allow_Logon_Script_NetbiosDisabled*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -199,7 +199,7 @@ If you disable or do not configure this setting the system lets the combined set
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify maximum wait time for Group Policy scripts*
- GP name: *MaxGPOScriptWait*
- GP name: *MaxGPOScriptWaitPolicy*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -291,7 +291,7 @@ Within GPO C: C.cmd, C.ps1
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run Windows PowerShell scripts first at computer startup, shutdown*
- GP name: *RunComputerPSScriptsFirst*
- GP name: *Run_Computer_PS_Scripts_First*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -364,7 +364,7 @@ Also, see the "Run Logon Scripts Visible" setting.
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run legacy logon scripts hidden*
- GP name: *HideLegacyLogonScripts*
- GP name: *Run_Legacy_Logon_Script_Hidden*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -435,7 +435,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in logoff scripts as they run*
- GP name: *HideLogoffScripts*
- GP name: *Run_Logoff_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -506,7 +506,7 @@ This policy setting appears in the Computer Configuration and User Configuration
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run logon scripts synchronously*
- GP name: *RunLogonScriptSync*
- GP name: *Run_Logon_Script_Sync_1*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -577,7 +577,7 @@ This policy setting appears in the Computer Configuration and User Configuration
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run logon scripts synchronously*
- GP name: *RunLogonScriptSync*
- GP name: *Run_Logon_Script_Sync_2*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -648,7 +648,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in logon scripts as they run*
- GP name: *HideLogonScripts*
- GP name: *Run_Logon_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -719,7 +719,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in shutdown scripts as they run*
- GP name: *HideShutdownScripts*
- GP name: *Run_Shutdown_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -793,7 +793,7 @@ If you disable or do not configure this policy setting, a startup cannot run unt
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run startup scripts asynchronously*
- GP name: *RunStartupScriptSync*
- GP name: *Run_Startup_Script_Sync*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -867,7 +867,7 @@ If you disable or do not configure this policy setting, the instructions are sup
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display instructions in startup scripts as they run*
- GP name: *HideStartupScripts*
- GP name: *Run_Startup_Script_Visible*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*
@ -962,7 +962,7 @@ This policy setting appears in the Computer Configuration and User Configuration
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run Windows PowerShell scripts first at user logon, logoff*
- GP name: *RunUserPSScriptsFirst*
- GP name: *Run_User_PS_Scripts_First*
- GP path: *System\Scripts*
- GP ADMX file name: *Scripts.admx*

6
windows/client-management/mdm/policy-csp-admx-sdiageng.md
View File

@ -97,7 +97,7 @@ If you disable this policy setting, users can only access and search troubleshoo
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)*
- GP name: *EnableQueryRemoteServer*
- GP name: *BetterWhenConnected*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
- GP ADMX file name: *sdiageng.admx*
@ -168,7 +168,7 @@ Note that this setting also controls a user's ability to launch standalone troub
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards*
- GP name: *EnableDiagnostics*
- GP name: *ScriptedDiagnosticsExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
- GP ADMX file name: *sdiageng.admx*
@ -237,7 +237,7 @@ If you disable or do not configure this policy setting, the scripted diagnostics
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Configure Security Policy for Scripted Diagnostics*
- GP name: *ValidateTrust*
- GP name: *ScriptedDiagnosticsSecurityPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
- GP ADMX file name: *sdiageng.admx*

2
windows/client-management/mdm/policy-csp-admx-securitycenter.md
View File

@ -103,7 +103,7 @@ In Windows Vista, this policy setting monitors essential security settings to in
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on Security Center (Domain PCs only)*
- GP name: *SecurityCenterInDomain*
- GP name: *SecurityCenter_SecurityCenterInDomain*
- GP path: *Windows Components\Security Center*
- GP ADMX file name: *Securitycenter.admx*

2
windows/client-management/mdm/policy-csp-admx-servicing.md
View File

@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, or if the required files
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Specify settings for optional component installation and component repair*
- GP name: *RepairContentServerSource*
- GP name: *Servicing*
- GP path: *System*
- GP ADMX file name: *Servicing.admx*

6
windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
View File

@ -174,7 +174,7 @@ To prevent users from using other administrative tools, use the "Run only specif
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent access to registry editing tools*
- GP name: *DisableRegistryTools*
- GP name: *DisableRegedit*
- GP path: *System*
- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
@ -250,7 +250,7 @@ This policy setting only prevents users from running programs that are started b
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Don't run specified Windows applications*
- GP name: *DisallowRun*
- GP name: *DisallowApps*
- GP path: *System*
- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
@ -325,7 +325,7 @@ This policy setting only prevents users from running programs that are started b
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Run only specified Windows applications*
- GP name: *RestrictRun*
- GP name: *RestrictApps*
- GP path: *System*
- GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*

18
windows/deployment/update/waas-configure-wufb.md
View File

@ -5,7 +5,7 @@ manager: laurawi
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
ms.prod: w10
ms.mktglfcycl: deploy
ms.collection: M365initiative-coredeploy
audience: itpro
author: jaimeo
ms.localizationpriority: medium
@ -48,7 +48,7 @@ With Windows Update for Business, you can set a device to be on either Windows I
**Release branch policies**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
@ -73,7 +73,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
</br></br>
**Policy settings for deferring feature updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
@ -97,7 +97,7 @@ In cases where the pause policy is first applied after the configured start date
**Policy settings for pausing feature updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
@ -134,7 +134,7 @@ You can set your system to receive updates for other Microsoft products—known
**Policy settings for deferring quality updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpdatePeriod |
@ -157,7 +157,7 @@ In cases where the pause policy is first applied after the configured start date
**Policy settings for pausing quality updates**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** |**1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdates</br>**1703:** \Policies\Microsoft\Windows\WindowsUpdate\PauseQualityUpdatesStartTime |
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
@ -207,7 +207,7 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
**Policy settings to exclude drivers**
| Policy | Sets registry key under **HKLM\Software** |
| Policy | Sets registry key under HKLM\Software |
| --- | --- |
| GPO for Windows 10, version 1607 and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate |
| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
@ -220,7 +220,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: dont defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
@ -234,7 +234,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |

7
windows/deployment/update/waas-delivery-optimization.md
View File

@ -1,6 +1,5 @@
---
title: Delivery Optimization for Windows 10 updates
ms.reviewer:
manager: laurawi
description: Delivery Optimization is a peer-to-peer distribution method in Windows 10
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
@ -10,7 +9,9 @@ audience: itpro
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.collection: M365-modern-desktop
ms.collection:
- M365-modern-desktop
- M365initiative-coredeploy
ms.topic: article
---
@ -111,7 +112,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](https://docs.microsoft.com/intune/delivery-optimization-windows))
**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
**Starting with Windows 10, version 1903,** you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
## Reference

5
windows/deployment/update/waas-integrate-wufb.md
View File

@ -6,8 +6,7 @@ ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.date: 07/27/2017
ms.reviewer:
ms.collection: M365initiative-coredeploy
manager: laurawi
ms.topic: article
---
@ -69,7 +68,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
- Device is configured to defer Quality Updates using Windows Update for Business and to be managed by WSUS
- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
- Admin has also placed Microsoft Update, third-paprty, and locally-published update content on the WSUS server
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
In this example, the deferral behavior for updates to Office and other non-Windows products is slightly different than if WSUS were not enabled.
- In a non-WSUS case, these updates would be deferred just as any update to Windows would be.

7
windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
View File

@ -9,6 +9,7 @@ ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article
ms.collection: M365initiative-coredeploy
---
# Prepare servicing strategy for Windows 10 updates
@ -29,9 +30,9 @@ In the past, traditional Windows deployments tended to be large, lengthy, and ex
Windows 10 spreads the traditional deployment effort of a Windows upgrade, which typically occurred every few years, over smaller, continuous updates. With this change, you must approach the ongoing deployment and servicing of Windows differently. A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. Heres an example of what this process might look like:
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before theyre available to the Semi-Annual Channel. Typically, this would be a small number of test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-Annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that youre looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download a .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](https://msdn.microsoft.com/library/bb530196.aspx) directory in the SYSVOL folder of a domain controller if not using a Central Store). Always manage new group polices from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- **Choose a servicing tool.** Decide which product youll use to manage the Windows updates in your environment. If youre currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product youll use, consider how youll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](../upgrade/manage-windows-upgrades-with-upgrade-readiness.md).
@ -43,7 +44,7 @@ Windows 10 spreads the traditional deployment effort of a Windows upgrade, which
Each time Microsoft releases a Windows 10 feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test machines” step of the Predeployment strategy section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase. For more information about device and application compatibility in Windows 10, see the section Compatibility.
2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but its still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this will represent the majority of application compatibility testing in your environment. This should not necessarily be a formal process but rather user validation through the use of a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that youre looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan in place to address it.
2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but its still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this will represent the majority of application compatibility testing in your environment. This should not necessarily be a formal process but rather user validation through the use of a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-Annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that youre looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan in place to address it.
3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you dont prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more and more people have been updated in any particular department.

6
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -6,7 +6,7 @@ ms.mktglfcycl: manage
author: jaimeo
ms.localizationpriority: medium
ms.author: jaimeo
ms.reviewer:
ms.collection: M365initiative-coredeploy
manager: laurawi
ms.topic: article
---
@ -59,7 +59,7 @@ Both Windows 10 feature and quality updates are automatically offered to devices
To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to updated on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.
Drivers are automatically enabled because they are beneficial to device systems. We recommend that you allow the driver policy to allow drivers to update on devices (the default), but you can turn this setting off if you prefer to manage drivers manually. If you want to disable driver updates for some reason, use the Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not include drivers with Windows Updates** and enable the policy.
We also recommend that you allow Microsoft product updates as discussed previously.
@ -138,7 +138,7 @@ When you set these policies, installation happens automatically at the specified
We recommend that you use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline for automatic updates and restarts** for feature and quality updates to ensure that devices stay secure on Windows 10, version 1709 and later. This works by enabling you to specify the number of days that can elapse after an update is offered to a device before it must be installed. Also you can set the number of days that can elapse after a pending restart before the user is forced to restart.
This policies also offers an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardles of active hours.
This policies also offers an option to opt out of automatic restarts until a deadline is reached by presenting an "engaged restart experience" until the deadline has actually expired. At that point the device will automatically schedule a restart regardless of active hours.
These notifications are what the user sees depending on the settings you choose:

86
windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
View File

@ -13,7 +13,7 @@ ms.author: deniseb
ms.custom: nextgen
ms.reviewer:
manager: dansimp
ms.date: 09/28/2020
ms.date: 10/06/2020
---
# Manage Microsoft Defender Antivirus updates and apply baselines
@ -33,8 +33,7 @@ There are two types of updates related to keeping Microsoft Defender Antivirus u
> [!IMPORTANT]
> Keeping Microsoft Defender Antivirus up to date is critical to assure your devices have the latest technology and features needed to protect against new malware and attack techniques.
> This also applies to devices where Microsoft Defender Antivirus is running in [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility).
> [!NOTE]
>
> You can use the below URL to find out what are the current versions:
> [https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info](https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?action=info)
@ -47,29 +46,61 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft
> Microsoft Defender Antivirus: KB2267602
> System Center Endpoint Protection: KB2461484
The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the security intelligence updates occur on a scheduled cadence (configurable via policy). See the [Utilize Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection.
Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md).
Engine updates are included with the security intelligence updates and are released on a monthly cadence.
Engine updates are included with security intelligence updates and are released on a monthly cadence.
## Product updates
Microsoft Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "platform updates"), and will receive major feature updates alongside Windows 10 releases.
Microsoft Defender Antivirus requires [monthly updates (KB4052623)](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as *platform updates*), and will receive major feature updates alongside Windows 10 releases.
You can manage the distribution of updates through one of the following methods:
- [Windows Server Update Service (WSUS)](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus)
- [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction)
- The usual method you use to deploy Microsoft and Windows updates to endpoints in your network.
You can manage the distribution of updates through [Windows Server Update Service (WSUS)](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus), with [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/sum/understand/software-updates-introduction), or in the normal manner that you deploy Microsoft and Windows updates to endpoints in your network.
For more information, see [Manage the sources for Microsoft Defender Antivirus protection updates](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus).
> [!NOTE]
> We release these monthly updates in phases. This results in multiple packages showing up in your WSUS server.
> We release these monthly updates in phases. This results in multiple packages visible in your WSUS server.
## Monthly platform and engine versions
For information how to update or how to install the platform update, please see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform).
For information how to update or how to install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform).
All our updates contain:
* performance improvements
* serviceability improvements
* integration improvements (Cloud, MTP)
- performance improvements
- serviceability improvements
- integration improvements (Cloud, Microsoft 365 Defender)
<br/>
<details>
<summary> September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4)</summary>
&ensp;Security intelligence update version: **1.323.2254.0**
&ensp;Released: **October 6, 2020**
&ensp;Platform: **4.18.2009.x**
&ensp;Engine: **1.1.17500.4**
&ensp;Support phase: **Security and Critical Updates**
### What's new
- Admin permissions are required to restore files in quarantine
- XML formatted events are now supported
- CSP support for ignoring exclusion merge
- New management interfaces for: <br/>
- UDP Inspection
- Network Protection on Server 2019
- IP Address exclusions for Network Protection
- Improved visibility into TPM measurements
- Improved Office VBA module scanning
### Known Issues
No known issues
<br/>
</details>
<details>
<summary> September-2020 (Platform: 4.18.2009.X | Engine: 1.1.17500.4)</summary>
@ -80,15 +111,15 @@ All our updates contain:
&ensp;Support phase: **Security and Critical Updates**
### What's new
*Admin permissions are required to restore files in quarantine
*XML formatted events are now supported
*CSP support for ignoring exclusion merge
*New management interfaces for:
+UDP Inspection
+Network Protection on Server 2019
+IP Address exclusions for Network Protection
*Improved visibility into TPM measurements
*Improved Office VBA module scanning
- Admin permissions are required to restore files in quarantine
- XML formatted events are now supported
- CSP support for ignoring exclusion merge
- New management interfaces for:
- UDP Inspection
- Network Protection on Server 2019
- IP Address exclusions for Network Protection
- Improved visibility into TPM measurements
- Improved Office VBA module scanning
### Known Issues
No known issues
@ -108,7 +139,7 @@ No known issues
* Improved scan event telemetry
* Improved behavior monitoring for memory scans
* Improved macro streams scanning
* Added "AMRunningMode" to Get-MpComputerStatus PowerShell CmdLet
* Added `AMRunningMode` to Get-MpComputerStatus PowerShell CmdLet
### Known Issues
No known issues
@ -188,7 +219,7 @@ No known issues
### What's new
* WDfilter improvements
* Add more actionable event data to ASR detection events
* Add more actionable event data to attack surface reduction detection events
* Fixed version information in diagnostic data and WMI
* Fixed incorrect platform version in UI after platform update
* Dynamic URL intel for Fileless threat protection
@ -213,7 +244,7 @@ No known issues
* CPU Throttling option added to [MpCmdRun](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus)
* Improve diagnostic capability
* reduce Security intelligence timeout (5min)
* reduce Security intelligence timeout (5 min)
* Extend AMSI engine internal log capability
* Improve notification for process blocking
@ -293,8 +324,7 @@ When this update is installed, the device needs the jump package 4.10.2001.10 to
</details>
## Microsoft Defender Antivirus platform support
As stated above, platform and engine updates are provided on a monthly cadence.
Customers must stay current with the latest platform update to be fully supported. Our support structure is now dynamic, evolving into two phases depending on the availability of the latest platform version:
Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version:
* **Security and Critical Updates servicing phase** - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform.
@ -322,12 +352,12 @@ The below table provides the Microsoft Defender Antivirus platform and engine ve
Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet).
## In this section
## See also
Article | Description
---|---
[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources.
[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded.
[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next log on.
[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon.
[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events.
[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines.

11
windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
View File

@ -77,8 +77,11 @@ None. Changes to this policy setting become effective without a computer restart
### <a href="" id="bkmk-impleconsiderations"></a>Implementation considerations
Implementation of this policy setting is dependent on your operational environment. You should consider threat vectors, deployed operating systems, and deployed apps, for example:
- The likelihood of an account theft or a DoS attack is based on the security design for your systems and environment. You should set the account lockout threshold in consideration of the known and perceived risk of those threats.
- When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases.
- Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold.
For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/).
@ -95,17 +98,23 @@ This section describes how an attacker might exploit a feature or its configurat
Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed.
However, a DoS attack could be performed on a domain that has an account lockout threshold configured. An attacker could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the account lockout threshold, the attacker might be able to lock every account without needing any special privileges or being authenticated in the network.
> **Note:** Offline password attacks are not countered by this policy setting.
> [!NOTE]
> Offline password attacks are not countered by this policy setting.
### <a href="" id="bkmk-countermeasure"></a>Countermeasure
Because vulnerabilities can exist when this value is configured and when it is not configured, two distinct countermeasures are defined. Organizations should weigh the choice between the two, based on their identified threats and the risks that they want to mitigate. The two countermeasure options are:
- Configure the **Account lockout threshold** setting to 0. This configuration ensures that accounts will not be locked, and it will prevent a DoS attack that intentionally attempts to lock accounts. This configuration also helps reduce Help Desk calls because users cannot accidentally lock themselves out of their accounts. Because it does not prevent a brute force attack, this configuration should be chosen only if both of the following criteria are explicitly met:
- The password policy setting requires all users to have complex passwords of 8 or more characters.
- A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment.
- Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account.
[Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack.
Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems.
### Potential impact