From 513fef9bc7898ec8a51880944e5de8710869fba4 Mon Sep 17 00:00:00 2001 From: Nicholas Brower Date: Fri, 14 Jul 2017 21:53:51 +0000 Subject: [PATCH] Merged PR 2254: adding admx tips, and fixing admx SKU adding admx tips, and fixing admx SKU; also fixed some anchor links --- .../policy-configuration-service-provider.md | 592 +- .../mdm/policy-csp-abovelock.md | 1 + .../mdm/policy-csp-accounts.md | 1 + .../mdm/policy-csp-activexcontrols.md | 12 +- .../mdm/policy-csp-applicationdefaults.md | 1 + .../mdm/policy-csp-applicationmanagement.md | 1 + .../mdm/policy-csp-appvirtualization.md | 311 +- .../mdm/policy-csp-attachmentmanager.md | 34 +- .../mdm/policy-csp-authentication.md | 1 + .../mdm/policy-csp-autoplay.md | 64 +- .../mdm/policy-csp-bitlocker.md | 1 + .../mdm/policy-csp-bluetooth.md | 1 + .../mdm/policy-csp-browser.md | 1 + .../mdm/policy-csp-camera.md | 1 + .../mdm/policy-csp-cellular.md | 51 +- .../mdm/policy-csp-connectivity.md | 144 +- .../mdm/policy-csp-credentialproviders.md | 23 +- .../mdm/policy-csp-credentialsui.md | 31 +- .../mdm/policy-csp-cryptography.md | 1 + .../mdm/policy-csp-dataprotection.md | 1 + .../mdm/policy-csp-datausage.md | 19 +- .../mdm/policy-csp-defender.md | 1 + .../mdm/policy-csp-deliveryoptimization.md | 1 + .../mdm/policy-csp-desktop.md | 16 +- .../mdm/policy-csp-deviceguard.md | 3 +- .../mdm/policy-csp-deviceinstallation.md | 31 +- .../mdm/policy-csp-devicelock.md | 14 +- .../mdm/policy-csp-display.md | 1 + .../mdm/policy-csp-enterprisecloudprint.md | 1 + .../mdm/policy-csp-errorreporting.md | 96 +- .../mdm/policy-csp-eventlogservice.md | 77 +- .../mdm/policy-csp-experience.md | 1 + .../client-management/mdm/policy-csp-games.md | 1 + .../mdm/policy-csp-internetexplorer.md | 6935 ++++++++++++++--- .../mdm/policy-csp-kerberos.md | 106 +- .../mdm/policy-csp-licensing.md | 1 + .../mdm/policy-csp-location.md | 1 + .../mdm/policy-csp-lockdown.md | 1 + .../client-management/mdm/policy-csp-maps.md | 1 + .../mdm/policy-csp-messaging.md | 1 + .../mdm/policy-csp-networkisolation.md | 1 + .../mdm/policy-csp-notifications.md | 1 + .../client-management/mdm/policy-csp-power.md | 172 +- .../mdm/policy-csp-printers.md | 60 +- .../mdm/policy-csp-privacy.md | 1 + .../mdm/policy-csp-remoteassistance.md | 85 +- .../mdm/policy-csp-remotedesktopservices.md | 127 +- .../mdm/policy-csp-remotemanagement.md | 521 +- .../mdm/policy-csp-remoteprocedurecall.md | 43 +- .../mdm/policy-csp-remoteshell.md | 225 +- .../mdm/policy-csp-search.md | 1 + .../mdm/policy-csp-security.md | 1 + .../mdm/policy-csp-settings.md | 1 + .../mdm/policy-csp-smartscreen.md | 1 + .../mdm/policy-csp-speech.md | 1 + .../client-management/mdm/policy-csp-start.md | 1 + .../mdm/policy-csp-storage.md | 12 +- .../mdm/policy-csp-system.md | 27 +- .../mdm/policy-csp-textinput.md | 1 + .../mdm/policy-csp-timelanguagesettings.md | 7 +- .../mdm/policy-csp-update.md | 5 +- .../client-management/mdm/policy-csp-wifi.md | 1 + ...olicy-csp-windowsdefendersecuritycenter.md | 47 +- .../mdm/policy-csp-windowsinkworkspace.md | 1 + .../mdm/policy-csp-windowslogon.md | 31 +- .../mdm/policy-csp-wirelessdisplay.md | 3 +- 66 files changed, 8027 insertions(+), 1931 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 9f6c24805f..e77221eaad 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -256,7 +256,7 @@ The following diagram shows the Policy configuration service provider in tree fo AppVirtualization/PublishingAllowServer5
- AppVirtualization/StreamingAllowCertificateFilterForClient_SSL + AppVirtualization/StreamingAllowCertificateFilterForClient_SSL
AppVirtualization/StreamingAllowHighCostLaunch @@ -476,7 +476,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- Cellular/ShowAppCellularAccessUI + Cellular/ShowAppCellularAccessUI
@@ -508,19 +508,19 @@ The following diagram shows the Policy configuration service provider in tree fo Connectivity/AllowVPNRoamingOverCellular
- Connectivity/DiablePrintingOverHTTP + Connectivity/DiablePrintingOverHTTP
- Connectivity/DisableDownloadingOfPrintDriversOverHTTP + Connectivity/DisableDownloadingOfPrintDriversOverHTTP
- Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards + Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
Connectivity/HardenedUNCPaths
- Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge + Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge
@@ -982,13 +982,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowAddOnList
- InternetExplorer/AllowAutoComplete + InternetExplorer/AllowAutoComplete
- InternetExplorer/AllowCertificateAddressMismatchWarning + InternetExplorer/AllowCertificateAddressMismatchWarning
- InternetExplorer/AllowDeletingBrowsingHistoryOnExit + InternetExplorer/AllowDeletingBrowsingHistoryOnExit
InternetExplorer/AllowEnhancedProtectedMode @@ -1000,7 +1000,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowEnterpriseModeSiteList
- InternetExplorer/AllowFallbackToSSL3 + InternetExplorer/AllowFallbackToSSL3
InternetExplorer/AllowInternetExplorer7PolicyList @@ -1036,7 +1036,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowSiteToZoneAssignmentList
- InternetExplorer/AllowSoftwareWhenSignatureIsInvalid + InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
InternetExplorer/AllowSuggestedSites @@ -1051,19 +1051,19 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/AllowsRestrictedSitesZoneTemplate
- InternetExplorer/CheckServerCertificateRevocation + InternetExplorer/CheckServerCertificateRevocation
- InternetExplorer/CheckSignaturesOnDownloadedPrograms + InternetExplorer/CheckSignaturesOnDownloadedPrograms
- InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses + InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
InternetExplorer/DisableAdobeFlash
- InternetExplorer/DisableBlockingOfOutdatedActiveXControls + InternetExplorer/DisableBlockingOfOutdatedActiveXControls
InternetExplorer/DisableBypassOfSmartScreenWarnings @@ -1072,16 +1072,16 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
- InternetExplorer/DisableConfiguringHistory + InternetExplorer/DisableConfiguringHistory
- InternetExplorer/DisableCrashDetection + InternetExplorer/DisableCrashDetection
InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation
- InternetExplorer/DisableDeletingUserVisitedWebsites + InternetExplorer/DisableDeletingUserVisitedWebsites
InternetExplorer/DisableEnclosureDownloading @@ -1099,13 +1099,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/DisableHomePageChange
- InternetExplorer/DisableIgnoringCertificateErrors + InternetExplorer/DisableIgnoringCertificateErrors
- InternetExplorer/DisableInPrivateBrowsing + InternetExplorer/DisableInPrivateBrowsing
- InternetExplorer/DisableProcessesInEnhancedProtectedMode + InternetExplorer/DisableProcessesInEnhancedProtectedMode
InternetExplorer/DisableProxyChange @@ -1117,13 +1117,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/DisableSecondaryHomePageChange
- InternetExplorer/DisableSecuritySettingsCheck + InternetExplorer/DisableSecuritySettingsCheck
InternetExplorer/DisableUpdateCheck
- InternetExplorer/DoNotAllowActiveXControlsInProtectedMode + InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
InternetExplorer/DoNotAllowUsersToAddSites @@ -1153,10 +1153,10 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
- InternetExplorer/InternetZoneAllowCopyPasteViaScript + InternetExplorer/InternetZoneAllowCopyPasteViaScript
- InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles + InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
InternetExplorer/InternetZoneAllowFontDownloads @@ -1165,22 +1165,25 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/InternetZoneAllowLessPrivilegedSites
- InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG + InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles +
+
+ InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG
InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
- InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls + InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
- InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl + InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- InternetExplorer/InternetZoneAllowScriptInitiatedWindows + InternetExplorer/InternetZoneAllowScriptInitiatedWindows
- InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls + InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/InternetZoneAllowScriptlets @@ -1189,76 +1192,82 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/InternetZoneAllowSmartScreenIE
- InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript + InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/InternetZoneAllowUserDataPersistence
- InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1 + InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
- InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2 + InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1
- InternetExplorer/InternetZoneDownloadSignedActiveXControls + InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2
- InternetExplorer/InternetZoneDownloadUnsignedActiveXControls + InternetExplorer/InternetZoneDownloadSignedActiveXControls
- InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter + InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
- InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows + InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
- InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows + InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- InternetExplorer/InternetZoneEnableMIMESniffing + InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- InternetExplorer/InternetZoneEnableProtectedMode + InternetExplorer/InternetZoneEnableMIMESniffing
- InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer + InternetExplorer/InternetZoneEnableProtectedMode +
+
+ InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
- InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe + InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
- InternetExplorer/InternetZoneJavaPermissionsWRONG1 + InternetExplorer/InternetZoneJavaPermissions
- InternetExplorer/InternetZoneJavaPermissionsWRONG2 + InternetExplorer/InternetZoneJavaPermissionsWRONG1
- InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME + InternetExplorer/InternetZoneJavaPermissionsWRONG2
- InternetExplorer/InternetZoneLogonOptions + InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME +
+
+ InternetExplorer/InternetZoneLogonOptions
InternetExplorer/InternetZoneNavigateWindowsAndFrames
- InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode + InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
- InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode + InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles + InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
- InternetExplorer/InternetZoneUsePopupBlocker + InternetExplorer/InternetZoneUsePopupBlocker
- InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone + InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
InternetExplorer/IntranetZoneAllowAccessToDataSources @@ -1287,9 +1296,18 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/IntranetZoneAllowUserDataPersistence
+
+ InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls +
InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
+
+ InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe +
+
+ InternetExplorer/IntranetZoneJavaPermissions +
InternetExplorer/IntranetZoneNavigateWindowsAndFrames
@@ -1321,13 +1339,13 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LocalMachineZoneAllowUserDataPersistence
- InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls + InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls
- InternetExplorer/LocalMachineZoneJavaPermissions + InternetExplorer/LocalMachineZoneJavaPermissions
InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames @@ -1363,7 +1381,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownInternetZoneJavaPermissions + InternetExplorer/LockedDownInternetZoneJavaPermissions
InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames @@ -1432,7 +1450,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownLocalMachineZoneJavaPermissions + InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames @@ -1468,7 +1486,7 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions + InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames @@ -1504,43 +1522,43 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions + InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames
- InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses + InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
- InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses + InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
- InternetExplorer/NotificationBarInternetExplorerProcesses + InternetExplorer/NotificationBarInternetExplorerProcesses
- InternetExplorer/PreventManagingSmartScreenFilter + InternetExplorer/PreventManagingSmartScreenFilter
- InternetExplorer/PreventPerUserInstallationOfActiveXControls + InternetExplorer/PreventPerUserInstallationOfActiveXControls
- InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses + InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
- InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls + InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
- InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses + InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
- InternetExplorer/RestrictFileDownloadInternetExplorerProcesses + InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
- InternetExplorer/RestrictedSitesZoneAllowActiveScripting + InternetExplorer/RestrictedSitesZoneAllowActiveScripting
InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls @@ -1549,49 +1567,49 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
- InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors + InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
- InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript + InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
- InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles + InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
- InternetExplorer/RestrictedSitesZoneAllowFileDownloads + InternetExplorer/RestrictedSitesZoneAllowFileDownloads
InternetExplorer/RestrictedSitesZoneAllowFontDownloads
- InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1 + InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1
- InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2 + InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2
InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
- InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles + InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
- InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH + InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
- InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls + InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
- InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl + InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows + InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
- InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls + InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
InternetExplorer/RestrictedSitesZoneAllowScriptlets @@ -1600,85 +1618,103 @@ The following diagram shows the Policy configuration service provider in tree fo InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
- InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript + InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
- InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls + InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
- InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls + InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
- InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls + InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
- InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows + InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
- InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows + InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- InternetExplorer/RestrictedSitesZoneEnableMIMESniffing + InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer + InternetExplorer/RestrictedSitesZoneEnableMIMESniffing +
+
+ InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/RestrictedSitesZoneJavaPermissions + InternetExplorer/RestrictedSitesZoneJavaPermissions
- InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME + InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
- InternetExplorer/RestrictedSitesZoneLogonOptions + InternetExplorer/RestrictedSitesZoneLogonOptions
InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
- InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains + InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
- InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins + InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
- InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode + InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting + InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
- InternetExplorer/RestrictedSitesZoneWRONG + InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
- InternetExplorer/RestrictedSitesZoneWRONG2 + InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
- InternetExplorer/RestrictedSitesZoneWRONG3 + InternetExplorer/RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
- InternetExplorer/RestrictedSitesZoneWRONG4 + InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
- InternetExplorer/RestrictedSitesZoneWRONG5 + InternetExplorer/RestrictedSitesZoneUsePopupBlocker
- InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses + InternetExplorer/RestrictedSitesZoneWRONG +
+
+ InternetExplorer/RestrictedSitesZoneWRONG2 +
+
+ InternetExplorer/RestrictedSitesZoneWRONG3 +
+
+ InternetExplorer/RestrictedSitesZoneWRONG4 +
+
+ InternetExplorer/RestrictedSitesZoneWRONG5 +
+
+ InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
InternetExplorer/SearchProviderList
- InternetExplorer/SecurityZonesUseOnlyMachineSettings + InternetExplorer/SecurityZonesUseOnlyMachineSettings
- InternetExplorer/SpecifyUseOfActiveXInstallerService + InternetExplorer/SpecifyUseOfActiveXInstallerService
InternetExplorer/TrustedSitesZoneAllowAccessToDataSources @@ -1707,20 +1743,32 @@ The following diagram shows the Policy configuration service provider in tree fo
InternetExplorer/TrustedSitesZoneAllowUserDataPersistence
+
+ InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls +
+
+ InternetExplorer/TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls +
InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
- InternetExplorer/TrustedSitesZoneJavaPermissions + InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe +
+
+ InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe +
+
+ InternetExplorer/TrustedSitesZoneJavaPermissions
InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames
- InternetExplorer/TrustedSitesZoneWRONG1 + InternetExplorer/TrustedSitesZoneWRONG1
- InternetExplorer/TrustedSitesZoneWRONG2 + InternetExplorer/TrustedSitesZoneWRONG2
@@ -1872,7 +1920,7 @@ The following diagram shows the Policy configuration service provider in tree fo Printers/PointAndPrintRestrictions
- Printers/PointAndPrintRestrictions_User + Printers/PointAndPrintRestrictions_User
Printers/PublishPrinters @@ -2153,49 +2201,49 @@ The following diagram shows the Policy configuration service provider in tree fo
- RemoteManagement/AllowBasicAuthentication_Client + RemoteManagement/AllowBasicAuthentication_Client
- RemoteManagement/AllowBasicAuthentication_Service + RemoteManagement/AllowBasicAuthentication_Service
- RemoteManagement/AllowCredSSPAuthenticationClient + RemoteManagement/AllowCredSSPAuthenticationClient
- RemoteManagement/AllowCredSSPAuthenticationService + RemoteManagement/AllowCredSSPAuthenticationService
- RemoteManagement/AllowRemoteServerManagement + RemoteManagement/AllowRemoteServerManagement
- RemoteManagement/AllowUnencryptedTraffic_Client + RemoteManagement/AllowUnencryptedTraffic_Client
- RemoteManagement/AllowUnencryptedTraffic_Service + RemoteManagement/AllowUnencryptedTraffic_Service
- RemoteManagement/DisallowDigestAuthentication + RemoteManagement/DisallowDigestAuthentication
- RemoteManagement/DisallowNegotiateAuthenticationClient + RemoteManagement/DisallowNegotiateAuthenticationClient
- RemoteManagement/DisallowNegotiateAuthenticationService + RemoteManagement/DisallowNegotiateAuthenticationService
- RemoteManagement/DisallowStoringOfRunAsCredentials + RemoteManagement/DisallowStoringOfRunAsCredentials
- RemoteManagement/SpecifyChannelBindingTokenHardeningLevel + RemoteManagement/SpecifyChannelBindingTokenHardeningLevel
- RemoteManagement/TrustedHosts + RemoteManagement/TrustedHosts
- RemoteManagement/TurnOnCompatibilityHTTPListener + RemoteManagement/TurnOnCompatibilityHTTPListener
- RemoteManagement/TurnOnCompatibilityHTTPSListener + RemoteManagement/TurnOnCompatibilityHTTPSListener
@@ -2214,25 +2262,25 @@ The following diagram shows the Policy configuration service provider in tree fo
- RemoteShell/AllowRemoteShellAccess + RemoteShell/AllowRemoteShellAccess
- RemoteShell/MaxConcurrentUsers + RemoteShell/MaxConcurrentUsers
- RemoteShell/SpecifyIdleTimeout + RemoteShell/SpecifyIdleTimeout
- RemoteShell/SpecifyMaxMemory + RemoteShell/SpecifyMaxMemory
- RemoteShell/SpecifyMaxProcesses + RemoteShell/SpecifyMaxProcesses
- RemoteShell/SpecifyMaxRemoteShells + RemoteShell/SpecifyMaxRemoteShells
- RemoteShell/SpecifyShellTimeout + RemoteShell/SpecifyShellTimeout
@@ -2635,13 +2683,13 @@ The following diagram shows the Policy configuration service provider in tree fo Update/PauseFeatureUpdates
- Update/PauseFeatureUpdatesStartTime + Update/PauseFeatureUpdatesStartTime
Update/PauseQualityUpdates
- Update/PauseQualityUpdatesStartTime + Update/PauseQualityUpdatesStartTime
Update/RequireDeferUpgrade @@ -2752,18 +2800,17 @@ The following diagram shows the Policy configuration service provider in tree fo
WindowsDefenderSecurityCenter/EnableCustomizedToasts
-
+
WindowsDefenderSecurityCenter/EnableInAppCustomization
WindowsDefenderSecurityCenter/Phone
-
+
WindowsDefenderSecurityCenter/URL
- ### WindowsInkWorkspace policies
@@ -2802,7 +2849,7 @@ The following diagram shows the Policy configuration service provider in tree fo WirelessDisplay/AllowProjectionToPC
- WirelessDisplay/AllowProjectionToPCOverInfrastructure + WirelessDisplay/AllowProjectionToPCOverInfrastructure
WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver @@ -2813,7 +2860,7 @@ The following diagram shows the Policy configuration service provider in tree fo
-## ADMX backed policies +## ADMX-backed policies - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) @@ -2833,7 +2880,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3) - [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4) - [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5) -- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient_ssl) +- [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient-ssl) - [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch) - [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider) - [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot) @@ -2850,12 +2897,12 @@ The following diagram shows the Policy configuration service provider in tree fo - [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices) - [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior) - [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay) -- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#None) -- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#None) -- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#None) -- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#None) +- [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#cellular-showappcellularaccessui) +- [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#connectivity-diableprintingoverhttp) +- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#connectivity-disabledownloadingofprintdriversoverhttp) +- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths) -- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#None) +- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#connectivity-prohibitinstallationandconfigurationofnetworkbridge) - [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon) - [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword) - [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal) @@ -2878,13 +2925,13 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider) - [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering) - [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist) -- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#internetexplorer-allowautocomplete) +- [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#internetexplorer-allowcertificateaddressmismatchwarning) +- [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#internetexplorer-allowdeletingbrowsinghistoryonexit) - [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode) - [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu) - [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist) -- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#internetexplorer-allowfallbacktossl3) - [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist) - [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode) - [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate) @@ -2896,36 +2943,36 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate) - [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry) - [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist) -- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#internetexplorer-allowsoftwarewhensignatureisinvalid) - [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites) - [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate) - [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate) - [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate) -- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#internetexplorer-checkservercertificaterevocation) +- [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#internetexplorer-checksignaturesondownloadedprograms) +- [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-consistentmimehandlinginternetexplorerprocesses) - [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash) -- [InternetExplorer/DisableBlockingOfOutdatedActiveXControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableBlockingOfOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-disableblockingofoutdatedactivexcontrols) - [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings) - [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles) -- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#internetexplorer-disableconfiguringhistory) +- [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#internetexplorer-disablecrashdetection) - [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation) -- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#internetexplorer-disabledeletinguservisitedwebsites) - [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading) - [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport) - [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard) - [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature) - [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange) -- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#internetexplorer-disableignoringcertificateerrors) +- [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#internetexplorer-disableinprivatebrowsing) +- [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-disableprocessesinenhancedprotectedmode) - [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange) - [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange) - [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange) -- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#internetexplorer-disablesecuritysettingscheck) - [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck) -- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-donotallowactivexcontrolsinprotectedmode) - [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites) - [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies) - [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols) @@ -2935,42 +2982,39 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources) - [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads) -- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowcopypasteviascript) +- [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowdraganddropcopyandpastefiles) - [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads) - [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites) -- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowloadingofxamlfiles) - [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents) -- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstouseactivexcontrols) +- [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowonlyapproveddomainstousetdcactivexcontrol) +- [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptinitiatedwindows) +- [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptingofinternetexplorerwebbrowsercontrols) - [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets) - [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie) -- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowupdatestostatusbarviascript) - [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence) -- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedonotrunantimalwareagainstactivexcontrols) +- [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadsignedactivexcontrols) +- [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzonedownloadunsignedactivexcontrols) +- [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablecrosssitescriptingfilter) +- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainsacrosswindows) +- [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenabledraggingofcontentfromdifferentdomainswithinwindows) +- [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenablemimesniffing) +- [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-internetzoneenableprotectedmode) +- [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-internetzoneincludelocalpathwhenuploadingfilestoserver) - [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols) -- [InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneJavaPermissionsWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneJavaPermissionsWRONG2](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-internetzonejavapermissions) +- [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-internetzonelaunchingapplicationsandfilesiniframe) +- [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-internetzonelogonoptions) - [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes) -- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentsnotsignedwithauthenticode) +- [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-internetzonerunnetframeworkreliantcomponentssignedwithauthenticode) +- [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-internetzoneshowsecuritywarningforpotentiallyunsafefiles) +- [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-internetzoneusepopupblocker) +- [InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone](./policy-csp-internetexplorer.md#internetexplorer-internetzonewebsitesinlessprivilegedzonescannavigateintothiszone) - [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources) - [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads) @@ -2980,7 +3024,10 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets) - [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie) - [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence) +- [InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzonedonotrunantimalwareagainstactivexcontrols) - [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols) +- [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrolsnotmarkedsafe) +- [InternetExplorer/IntranetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-intranetzonejavapermissions) - [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes) - [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources) - [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols) @@ -2991,9 +3038,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets) - [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie) - [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence) -- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonedonotrunantimalwareagainstactivexcontrols) - [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonejavapermissions) - [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes) - [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources) - [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols) @@ -3005,7 +3052,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie) - [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence) - [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonejavapermissions) - [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes) - [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources) - [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols) @@ -3028,7 +3075,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie) - [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence) - [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonejavapermissions) - [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes) - [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources) - [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols) @@ -3040,7 +3087,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie) - [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence) - [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonejavapermissions) - [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes) - [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources) - [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols) @@ -3052,64 +3099,64 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie) - [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence) - [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonejavapermissions) - [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes) -- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mkprotocolsecurityrestrictioninternetexplorerprocesses) +- [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-mimesniffingsafetyfeatureinternetexplorerprocesses) +- [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-notificationbarinternetexplorerprocesses) +- [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#internetexplorer-preventmanagingsmartscreenfilter) +- [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-preventperuserinstallationofactivexcontrols) +- [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-protectionfromzoneelevationinternetexplorerprocesses) +- [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-removerunthistimebuttonforoutdatedactivexcontrols) +- [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictactivexinstallinternetexplorerprocesses) +- [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-restrictfiledownloadinternetexplorerprocesses) - [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources) -- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowactivescripting) - [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads) -- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowbinaryandscriptbehaviors) +- [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowcopypasteviascript) +- [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowdraganddropcopyandpastefiles) +- [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfiledownloads) +- [InternetExplorer/RestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads) - [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites) -- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowloadingofxamlfiles) +- [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowmetarefresh) - [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents) -- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstouseactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowonlyapproveddomainstousetdcactivexcontrol) +- [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptinitiatedwindows) +- [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptingofinternetexplorerwebbrowsercontrols) - [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets) - [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie) -- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowupdatestostatusbarviascript) - [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence) -- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedonotrunantimalwareagainstactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadsignedactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonedownloadunsignedactivexcontrols) +- [InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablecrosssitescriptingfilter) +- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainsacrosswindows) +- [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenabledraggingofcontentfromdifferentdomainswithinwindows) +- [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneenablemimesniffing) +- [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneincludelocalpathwhenuploadingfilestoserver) - [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonejavapermissions) +- [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelaunchingapplicationsandfilesiniframe) +- [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonelogonoptions) - [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes) -- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG2](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG3](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG4](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/RestrictedSitesZoneWRONG5](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframesacrossdomains) +- [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunactivexcontrolsandplugins) +- [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonerunnetframeworkreliantcomponentssignedwithauthenticode) +- [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptactivexcontrolsmarkedsafeforscripting) +- [InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonescriptingofjavaapplets) +- [InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneshowsecuritywarningforpotentiallyunsafefiles) +- [InternetExplorer/RestrictedSitesZoneTurnOnCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnoncrosssitescriptingfilter) +- [InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneturnonprotectedmode) +- [InternetExplorer/RestrictedSitesZoneUsePopupBlocker](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneusepopupblocker) +- [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#internetexplorer-scriptedwindowsecurityrestrictionsinternetexplorerprocesses) - [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist) -- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#internetexplorer-securityzonesuseonlymachinesettings) +- [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#internetexplorer-specifyuseofactivexinstallerservice) - [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources) - [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols) - [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads) @@ -3119,11 +3166,13 @@ The following diagram shows the Policy configuration service provider in tree fo - [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets) - [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie) - [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence) +- [InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedonotrunantimalwareagainstactivexcontrols) +- [InternetExplorer/TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonedontrunantimalwareprogramsagainstactivexcontrols) - [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols) -- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None) +- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrolsnotmarkedassafe) +- [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrolsnotmarkedsafe) +- [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonejavapermissions) - [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes) -- [InternetExplorer/TrustedSitesZoneWRONG1](./policy-csp-internetexplorer.md#None) -- [InternetExplorer/TrustedSitesZoneWRONG2](./policy-csp-internetexplorer.md#None) - [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder) - [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor) - [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring) @@ -3139,7 +3188,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) - [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) - [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions) -- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions_user) +- [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user) - [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters) - [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages) - [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging) @@ -3151,30 +3200,30 @@ The following diagram shows the Policy configuration service provider in tree fo - [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving) - [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection) - [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication) -- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#None) -- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#None) +- [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-client) +- [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#remotemanagement-allowbasicauthentication-service) +- [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationclient) +- [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-allowcredsspauthenticationservice) +- [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#remotemanagement-allowremoteservermanagement) +- [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-client) +- [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#remotemanagement-allowunencryptedtraffic-service) +- [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#remotemanagement-disallowdigestauthentication) +- [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationclient) +- [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#remotemanagement-disallownegotiateauthenticationservice) +- [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#remotemanagement-disallowstoringofrunascredentials) +- [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#remotemanagement-specifychannelbindingtokenhardeninglevel) +- [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#remotemanagement-trustedhosts) +- [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttplistener) +- [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#remotemanagement-turnoncompatibilityhttpslistener) - [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication) - [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients) -- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#None) -- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#None) -- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#None) +- [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#remoteshell-allowremoteshellaccess) +- [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#remoteshell-maxconcurrentusers) +- [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#remoteshell-specifyidletimeout) +- [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#remoteshell-specifymaxmemory) +- [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#remoteshell-specifymaxprocesses) +- [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#remoteshell-specifymaxremoteshells) +- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout) - [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices) - [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization) - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore) @@ -3202,13 +3251,18 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl) - [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer) - [Camera/AllowCamera](#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) - [Connectivity/AllowNFC](#connectivity-allownfc) - [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) - [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular) - [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular) +- [Connectivity/DiablePrintingOverHTTP](#connectivity-diableprintingoverhttp) +- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](#connectivity-disabledownloadingofprintdriversoverhttp) +- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths) +- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](#connectivity-prohibitinstallationandconfigurationofnetworkbridge) - [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon) - [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword) - [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) @@ -3313,7 +3367,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles) - [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine) - [Camera/AllowCamera](#camera-allowcamera) -- [ConfigOperations/ADMXInstall](#None) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) +- [ConfigOperations/ADMXInstall](#configoperations-admxinstall) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices) - [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy) @@ -3361,7 +3416,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap) - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth) - [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders) -- [DeviceGuard/AllowKernelControlFlowGuard](#None) +- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard) - [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) - [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) - [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) @@ -3386,9 +3441,9 @@ The following diagram shows the Policy configuration service provider in tree fo - [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208) - [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc) - [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis) -- [TimeLanguageSettings/Set24HourClock](#None) -- [TimeLanguageSettings/SetCountry](#None) -- [TimeLanguageSettings/SetLanguage](#None) +- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock) +- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry) +- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage) - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) - [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule) @@ -3412,6 +3467,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/AllowBrowser](#browser-allowbrowser) - [Camera/AllowCamera](#camera-allowcamera) +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming) - [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 125546ca2b..5b1b04014f 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - AboveLock diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 8e3cbf0a9f..321173c109 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Accounts diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md index e2cb16c774..5f8bde59a5 100644 --- a/windows/client-management/mdm/policy-csp-activexcontrols.md +++ b/windows/client-management/mdm/policy-csp-activexcontrols.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ActiveXControls @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -54,6 +55,13 @@ If you disable or do not configure this policy setting, ActiveX controls prompt Note: Wild card characters cannot be used when specifying the host URLs. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Approved Installation Sites for ActiveX Controls* diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index bf34e7343f..1611634651 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ApplicationDefaults diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 805e786817..04487cf2a4 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ApplicationManagement diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md index 3aaaa8966e..b73c893141 100644 --- a/windows/client-management/mdm/policy-csp-appvirtualization.md +++ b/windows/client-management/mdm/policy-csp-appvirtualization.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - AppVirtualization @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -48,6 +49,13 @@ author: nickbrower This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable App-V Client* @@ -73,11 +81,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -86,6 +94,13 @@ ADMX Info: Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Dynamic Virtualization* @@ -111,11 +126,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -124,6 +139,13 @@ ADMX Info: Enables automatic cleanup of appv packages that were added after Windows10 anniversary release. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable automatic cleanup of unused appv packages* @@ -149,11 +171,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -162,6 +184,13 @@ ADMX Info: Enables scripts defined in the package manifest of configuration files that should run. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Package Scripts* @@ -187,11 +216,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -200,6 +229,13 @@ ADMX Info: Enables a UX to display to the user when a publishing refresh is performed on the client. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Publishing Refresh UX* @@ -225,11 +261,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -248,6 +284,13 @@ Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Reporting Server* @@ -273,11 +316,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -286,6 +329,13 @@ ADMX Info: Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Roaming File Exclusions* @@ -311,11 +361,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -324,6 +374,13 @@ ADMX Info: Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Roaming Registry Exclusions* @@ -349,11 +406,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -362,6 +419,13 @@ ADMX Info: Specifies how new packages should be loaded automatically by App-V on a specific computer. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify what to load in background (aka AutoLoad)* @@ -387,11 +451,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -400,6 +464,13 @@ ADMX Info: Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Migration Mode* @@ -425,11 +496,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -438,6 +509,13 @@ ADMX Info: Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Integration Root User* @@ -463,11 +541,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -476,6 +554,13 @@ ADMX Info: Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Integration Root Global* @@ -501,11 +586,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -532,6 +617,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 1 Settings* @@ -557,11 +649,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -588,6 +680,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 2 Settings* @@ -613,11 +712,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -644,6 +743,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 3 Settings* @@ -669,11 +775,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -700,6 +806,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 4 Settings* @@ -725,11 +838,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -756,6 +869,13 @@ User Publishing Refresh Interval: Specifies the publishing refresh interval usin User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Publishing Server 5 Settings* @@ -765,7 +885,7 @@ ADMX Info: -**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** +**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL** @@ -781,11 +901,11 @@ ADMX Info: - - + +
cross mark check markcheck mark check mark check mark check markcross markcross mark
@@ -794,6 +914,13 @@ ADMX Info: Specifies the path to a valid certificate in the certificate store. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Certificate Filter For Client SSL* @@ -819,11 +946,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -832,6 +959,13 @@ ADMX Info: This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection* @@ -857,11 +991,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -870,6 +1004,13 @@ ADMX Info: Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Location Provider* @@ -895,11 +1036,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -908,6 +1049,13 @@ ADMX Info: Specifies directory where all new applications and updates will be installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Package Installation Root* @@ -933,11 +1081,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -946,6 +1094,13 @@ ADMX Info: Overrides source location for downloading package content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Package Source Root* @@ -971,11 +1126,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -984,6 +1139,13 @@ ADMX Info: Specifies the number of seconds between attempts to reestablish a dropped session. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Reestablishment Interval* @@ -1009,11 +1171,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1022,6 +1184,13 @@ ADMX Info: Specifies the number of times to retry a dropped session. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Reestablishment Retries* @@ -1047,11 +1216,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1060,6 +1229,13 @@ ADMX Info: Specifies that streamed package contents will be not be saved to the local hard disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Shared Content Store (SCS) mode* @@ -1085,11 +1261,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1098,6 +1274,13 @@ ADMX Info: If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable Support for BranchCache* @@ -1123,11 +1306,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1136,6 +1319,13 @@ ADMX Info: Verifies Server certificate revocation status before streaming using HTTPS. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Verify certificate revocation list* @@ -1161,11 +1351,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -1174,6 +1364,13 @@ ADMX Info: Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Virtual Component Process Allow List* diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md index 16d1409a9a..7e4cd407f1 100644 --- a/windows/client-management/mdm/policy-csp-attachmentmanager.md +++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - AttachmentManager @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -54,6 +55,13 @@ If you disable this policy setting, Windows marks file attachments with their zo If you do not configure this policy setting, Windows marks file attachments with their zone information. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not preserve zone information in file attachments* @@ -79,11 +87,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -98,6 +106,13 @@ If you disable this policy setting, Windows shows the check box and Unblock butt If you do not configure this policy setting, Windows hides the check box and Unblock button. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Hide mechanisms to remove zone information* @@ -123,11 +138,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -142,6 +157,13 @@ If you disable this policy setting, Windows does not call the registered antivir If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Notify antivirus programs when opening attachments* diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index a3abf1e90d..d6e687ff2b 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Authentication diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md index 94426589fc..7e4a1b7a88 100644 --- a/windows/client-management/mdm/policy-csp-autoplay.md +++ b/windows/client-management/mdm/policy-csp-autoplay.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Autoplay @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, AutoPlay is not allowed for MTP devices like If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disallow Autoplay for non-volume devices* @@ -75,13 +83,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -103,6 +111,13 @@ b) Revert back to pre-Windows Vista behavior of automatically executing the auto If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set the default behavior for AutoRun* @@ -126,13 +141,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -155,6 +170,13 @@ If you disable or do not configure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Autoplay* diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index c4a361dbf8..d400b459dc 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Bitlocker diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index c4f2efa69b..36f22b68f0 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Bluetooth diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index ac21e5988b..1f89d48fa9 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Browser diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md index 052c9a0190..827c761526 100644 --- a/windows/client-management/mdm/policy-csp-camera.md +++ b/windows/client-management/mdm/policy-csp-camera.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Camera diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md index 2eacb78000..d10f019bb9 100644 --- a/windows/client-management/mdm/policy-csp-cellular.md +++ b/windows/client-management/mdm/policy-csp-cellular.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Cellular @@ -19,10 +20,40 @@ author: nickbrower ## Cellular policies -**Cellular/ShowAppCellularAccessUI** +**Cellular/ShowAppCellularAccessUI** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set Per-App Cellular Access UI Visibility* @@ -41,3 +72,21 @@ Footnote: + +## Cellular policies that can be set using Exchange Active Sync (EAS) + +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) + + + +## Cellular policies supported by IoT Core + +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) + + + +## Cellular policies supported by Microsoft Surface Hub + +- [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) + + diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 76654d609a..b8ab1ab099 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Connectivity @@ -349,10 +350,40 @@ author: nickbrower -**Connectivity/DiablePrintingOverHTTP** +**Connectivity/DiablePrintingOverHTTP** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off printing over HTTP* @@ -362,10 +393,40 @@ ADMX Info: -**Connectivity/DisableDownloadingOfPrintDriversOverHTTP** +**Connectivity/DisableDownloadingOfPrintDriversOverHTTP** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off downloading of print drivers over HTTP* @@ -375,10 +436,40 @@ ADMX Info: -**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** +**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Internet download for Web publishing and online ordering wizards* @@ -404,11 +495,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -419,6 +510,13 @@ This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Hardened UNC Paths* @@ -428,10 +526,40 @@ ADMX Info: -**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** +**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network* @@ -473,7 +601,11 @@ Footnote: - [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) - [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular) - [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular) +- [Connectivity/DiablePrintingOverHTTP](#connectivity-diableprintingoverhttp) +- [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](#connectivity-disabledownloadingofprintdriversoverhttp) +- [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards) - [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths) +- [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](#connectivity-prohibitinstallationandconfigurationofnetworkbridge) diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md index cc99642fbc..0da384397a 100644 --- a/windows/client-management/mdm/policy-csp-credentialproviders.md +++ b/windows/client-management/mdm/policy-csp-credentialproviders.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - CredentialProviders @@ -35,11 +36,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -56,6 +57,13 @@ Note: The user's domain password will be cached in the system vault when using t To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on convenience PIN sign-in* @@ -81,11 +89,11 @@ ADMX Info: cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -100,6 +108,13 @@ If you disable or don't configure this policy setting, a domain user can set up Note that the user's domain password will be cached in the system vault when using this feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off picture password sign-in* diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md index e51c7be1c8..e4ae47237b 100644 --- a/windows/client-management/mdm/policy-csp-credentialsui.md +++ b/windows/client-management/mdm/policy-csp-credentialsui.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - CredentialsUI @@ -34,10 +35,10 @@ author: nickbrower cross mark - check mark3 - check mark3 - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -56,6 +57,13 @@ By default, the password reveal button is displayed after a user types a passwor The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not display the password reveal button* @@ -80,10 +88,10 @@ ADMX Info: cross mark - check mark3 - check mark3 - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -98,6 +106,13 @@ If you enable this policy setting, all local administrator accounts on the PC wi If you disable this policy setting, users will always be required to type a user name and password to elevate. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enumerate administrator accounts on elevation* diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index b010cfdbb9..28837af17c 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Cryptography diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md index 418361ef03..e520e4612f 100644 --- a/windows/client-management/mdm/policy-csp-dataprotection.md +++ b/windows/client-management/mdm/policy-csp-dataprotection.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DataProtection diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md index 54687bcb5c..952a7af6cf 100644 --- a/windows/client-management/mdm/policy-csp-datausage.md +++ b/windows/client-management/mdm/policy-csp-datausage.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DataUsage @@ -33,9 +34,9 @@ author: nickbrower Mobile Enterprise + cross mark check mark check mark - check mark check mark cross mark @@ -58,6 +59,13 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set 3G Cost* @@ -81,9 +89,9 @@ ADMX Info: Mobile Enterprise + cross mark check mark check mark - check mark check mark cross mark @@ -106,6 +114,13 @@ If this policy setting is enabled, a drop-down list box presenting possible cost If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set 4G Cost* diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 9fdbbe8095..d694a6c0f7 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Defender diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index bcd687b62f..830147907b 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeliveryOptimization diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md index 1a2b0575d1..d7cb8ed5c6 100644 --- a/windows/client-management/mdm/policy-csp-desktop.md +++ b/windows/client-management/mdm/policy-csp-desktop.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Desktop @@ -34,10 +35,10 @@ author: nickbrower cross mark - check mark1 - - check mark1 - check mark1 + check mark + check mark + check mark + check mark cross mark cross mark @@ -52,6 +53,13 @@ By default, a user can change the location of their individual profile folders l If you enable this setting, users are unable to type a new location in the Target box. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prohibit User from manually redirecting Profile Folders* diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index a33fac0efa..f104ff82b3 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeviceGuard @@ -142,6 +143,6 @@ Footnote: ## DeviceGuard policies supported by Microsoft Surface Hub -- [DeviceGuard/AllowKernelControlFlowGuard](#None) +- [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard) diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 6fe4218008..681a669b57 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeviceInstallation @@ -34,10 +35,10 @@ author: nickbrower cross mark - cross mark - cross mark - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, Windows is prevented from installing a device If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent installation of devices that match any of these device IDs* @@ -76,10 +84,10 @@ ADMX Info: cross mark - cross mark - cross mark - check mark3 - check mark3 + check mark + check mark + check mark + check mark cross mark cross mark @@ -94,6 +102,13 @@ If you enable this policy setting, Windows is prevented from installing or updat If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent installation of devices using drivers that match these device setup classes* diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index 6aedca4af1..f69da9422b 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - DeviceLock @@ -738,13 +739,13 @@ The number of authentication failures allowed before the device will be wiped. A Mobile Enterprise - check mark - check mark - + cross mark check mark check mark check mark check mark + cross mark + cross mark @@ -757,6 +758,13 @@ By default, users can enable a slide show that will run after they lock the mach If you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent enabling lock screen slide show* diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md index 142be5ef59..c10d926963 100644 --- a/windows/client-management/mdm/policy-csp-display.md +++ b/windows/client-management/mdm/policy-csp-display.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Display diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index 76c623cf52..6a10e6f365 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - EnterpriseCloudPrint diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md index 9420ab52aa..9923686f45 100644 --- a/windows/client-management/mdm/policy-csp-errorreporting.md +++ b/windows/client-management/mdm/policy-csp-errorreporting.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - ErrorReporting @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -62,6 +63,13 @@ If you enable this policy setting, you can add specific event types to a list by If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Customize consent settings* @@ -86,12 +94,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -104,6 +112,13 @@ If you enable this policy setting, Windows Error Reporting does not send any pro If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable Windows Error Reporting* @@ -128,12 +143,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -150,6 +165,13 @@ If you do not configure this policy setting, users can change this setting in Co See also the Configure Error Reporting policy setting. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Display Error Notification* @@ -174,12 +196,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -192,6 +214,13 @@ If you enable this policy setting, any additional data requests from Microsoft i If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not send additional data* @@ -216,12 +245,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -234,6 +263,13 @@ If you enable this policy setting, Windows Error Reporting does not display any If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent display of the user interface for critical errors* diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md index a7d3d8bcf3..d48e4a933e 100644 --- a/windows/client-management/mdm/policy-csp-eventlogservice.md +++ b/windows/client-management/mdm/policy-csp-eventlogservice.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - EventLogService @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -54,6 +55,13 @@ If you disable or do not configure this policy setting and a log file reaches it Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Control Event Log behavior when the log file reaches its maximum size* @@ -78,12 +86,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -96,6 +104,13 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the maximum log file size (KB)* @@ -120,12 +135,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -138,6 +153,13 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the maximum log file size (KB)* @@ -162,12 +184,12 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -180,6 +202,13 @@ If you enable this policy setting, you can configure the maximum log file size t If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the maximum log file size (KB)* diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index d0a5edf221..80029f2e95 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Experience diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md index 65d798cab5..2ee49e217d 100644 --- a/windows/client-management/mdm/policy-csp-games.md +++ b/windows/client-management/mdm/policy-csp-games.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Games diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 096bb1b61b..501d5e9b4a 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - InternetExplorer @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, the user can add and remove search providers, If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Add a specific list of search providers to the user's list of search providers* @@ -75,13 +83,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -94,6 +102,13 @@ If you enable this policy setting, ActiveX Filtering is enabled by default for t If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on ActiveX Filtering* @@ -117,13 +132,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -142,6 +157,13 @@ Value - A number indicating whether Internet Explorer should deny or allow the a If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Add-on List* @@ -151,10 +173,40 @@ ADMX Info: -**InternetExplorer/AllowAutoComplete** +**InternetExplorer/AllowAutoComplete** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on the auto-complete feature for user names and passwords on forms* @@ -164,10 +216,40 @@ ADMX Info: -**InternetExplorer/AllowCertificateAddressMismatchWarning** +**InternetExplorer/AllowCertificateAddressMismatchWarning** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on certificate address mismatch warning* @@ -177,10 +259,40 @@ ADMX Info: -**InternetExplorer/AllowDeletingBrowsingHistoryOnExit** +**InternetExplorer/AllowDeletingBrowsingHistoryOnExit** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow deleting browsing history on exit* @@ -204,13 +316,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -225,6 +337,13 @@ If you disable this policy setting, Enhanced Protected Mode will be turned off. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Enhanced Protected Mode* @@ -248,13 +367,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -267,6 +386,13 @@ If you turn this setting on, users can see and use the Enterprise Mode option fr If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Let users turn on and use Enterprise Mode from the Tools menu* @@ -290,13 +416,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -309,6 +435,13 @@ If you enable this policy setting, Internet Explorer downloads the website list If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use the Enterprise Mode IE website list* @@ -318,10 +451,40 @@ ADMX Info: -**InternetExplorer/AllowFallbackToSSL3** +**InternetExplorer/AllowFallbackToSSL3** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)* @@ -345,13 +508,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -364,6 +527,13 @@ If you enable this policy setting, the user can add and remove sites from the li If you disable or do not configure this policy setting, the user can add and remove sites from the list. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use Policy List of Internet Explorer 7 sites* @@ -387,13 +557,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -408,6 +578,13 @@ If you disable this policy setting, Internet Explorer uses an Internet Explorer If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Internet Explorer Standards Mode for local intranet* @@ -431,13 +608,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -456,6 +633,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Zone Template* @@ -479,13 +663,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -504,6 +688,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Intranet Zone Template* @@ -527,13 +718,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -552,6 +743,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Local Machine Zone Template* @@ -575,13 +773,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -600,6 +798,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Internet Zone Template* @@ -623,13 +828,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -648,6 +853,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Intranet Zone Template* @@ -671,13 +883,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -696,6 +908,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Local Machine Zone Template* @@ -719,13 +938,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -744,6 +963,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Restricted Sites Zone Template* @@ -767,13 +993,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -786,6 +1012,13 @@ If you enable this policy setting, Internet Explorer goes directly to an intrane If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Go to an intranet site for a one-word entry in the Address bar* @@ -809,13 +1042,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -834,6 +1067,13 @@ Value - A number indicating the zone with which this site should be associated f If you disable or do not configure this policy, users may choose their own site-to-zone assignments. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Site to Zone Assignment List* @@ -843,10 +1083,40 @@ ADMX Info: -**InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** +**InternetExplorer/AllowSoftwareWhenSignatureIsInvalid** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow software to run or install even if the signature is invalid* @@ -870,13 +1140,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -891,6 +1161,13 @@ If you disable this policy setting, the entry points and functionality associate If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Suggested Sites* @@ -914,13 +1191,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -939,6 +1216,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Trusted Sites Zone Template* @@ -962,13 +1246,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -987,6 +1271,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Locked-Down Trusted Sites Zone Template* @@ -1010,13 +1301,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1035,6 +1326,13 @@ Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Restricted Sites Zone Template* @@ -1044,10 +1342,40 @@ ADMX Info: -**InternetExplorer/CheckServerCertificateRevocation** +**InternetExplorer/CheckServerCertificateRevocation** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Check for server certificate revocation* @@ -1057,10 +1385,40 @@ ADMX Info: -**InternetExplorer/CheckSignaturesOnDownloadedPrograms** +**InternetExplorer/CheckSignaturesOnDownloadedPrograms** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Check for signatures on downloaded programs* @@ -1070,10 +1428,40 @@ ADMX Info: -**InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** +**InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -1097,13 +1485,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1118,6 +1506,13 @@ If you disable, or do not configure this policy setting, Flash is turned on for Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects* @@ -1127,10 +1522,40 @@ ADMX Info: -**InternetExplorer/DisableBlockingOfOutdatedActiveXControls** +**InternetExplorer/DisableBlockingOfOutdatedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* @@ -1154,13 +1579,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1173,6 +1598,13 @@ If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent bypassing SmartScreen Filter warnings* @@ -1196,13 +1628,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1215,6 +1647,13 @@ If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet* @@ -1224,10 +1663,40 @@ ADMX Info: -**InternetExplorer/DisableConfiguringHistory** +**InternetExplorer/DisableConfiguringHistory** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable "Configuring History"* @@ -1237,10 +1706,40 @@ ADMX Info: -**InternetExplorer/DisableCrashDetection** +**InternetExplorer/DisableCrashDetection** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off Crash Detection* @@ -1264,13 +1763,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1285,6 +1784,13 @@ If you disable this policy setting, the user must participate in the CEIP, and t If you do not configure this policy setting, the user can choose to participate in the CEIP. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent participation in the Customer Experience Improvement Program* @@ -1294,10 +1800,40 @@ ADMX Info: -**InternetExplorer/DisableDeletingUserVisitedWebsites** +**InternetExplorer/DisableDeletingUserVisitedWebsites** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent deleting websites that the user has visited* @@ -1321,13 +1857,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1340,6 +1876,13 @@ If you enable this policy setting, the user cannot set the Feed Sync Engine to d If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent downloading of enclosures* @@ -1363,13 +1906,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1384,6 +1927,13 @@ If you disable or do not configure this policy setting, the user can select whic Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off encryption support* @@ -1407,13 +1957,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1430,6 +1980,13 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not avail If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent running First Run wizard* @@ -1453,13 +2010,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1476,6 +2033,13 @@ If you disable this policy setting, flip ahead with page prediction is turned on If you don't configure this setting, users can turn this behavior on or off, using the Settings charm. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the flip ahead with page prediction feature* @@ -1499,13 +2063,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1518,6 +2082,13 @@ If you enable this policy setting, a user cannot set a custom default home page. If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable changing home page settings* @@ -1527,10 +2098,40 @@ ADMX Info: -**InternetExplorer/DisableIgnoringCertificateErrors** +**InternetExplorer/DisableIgnoringCertificateErrors** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent ignoring certificate errors* @@ -1540,10 +2141,40 @@ ADMX Info: -**InternetExplorer/DisableInPrivateBrowsing** +**InternetExplorer/DisableInPrivateBrowsing** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off InPrivate Browsing* @@ -1553,10 +2184,40 @@ ADMX Info: -**InternetExplorer/DisableProcessesInEnhancedProtectedMode** +**InternetExplorer/DisableProcessesInEnhancedProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows* @@ -1580,13 +2241,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1599,6 +2260,13 @@ If you enable this policy setting, the user will not be able to configure proxy If you disable or do not configure this policy setting, the user can configure proxy settings. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent changing proxy settings* @@ -1622,13 +2290,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1641,6 +2309,13 @@ If you enable this policy setting, the user cannot change the default search pro If you disable or do not configure this policy setting, the user can change the default search provider. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent changing the default search provider* @@ -1664,13 +2339,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1685,6 +2360,13 @@ If you disable or do not configure this policy setting, the user can add seconda Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable changing secondary home page settings* @@ -1694,10 +2376,40 @@ ADMX Info: -**InternetExplorer/DisableSecuritySettingsCheck** +**InternetExplorer/DisableSecuritySettingsCheck** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the Security Settings Check feature* @@ -1721,13 +2433,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1742,6 +2454,13 @@ If you disable this policy or do not configure it, Internet Explorer checks ever This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disable Periodic Check for Internet Explorer software updates* @@ -1751,10 +2470,40 @@ ADMX Info: -**InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** +**InternetExplorer/DoNotAllowActiveXControlsInProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled* @@ -1778,13 +2527,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1803,6 +2552,13 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Ad Also, see the "Security zones: Use only machine settings" policy. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Security Zones: Do not allow users to add/delete sites* @@ -1826,13 +2582,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1851,6 +2607,13 @@ Note: The "Disable the Security page" policy (located in \User Configuration\Adm Also, see the "Security zones: Use only machine settings" policy. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Security Zones: Do not allow users to change policies* @@ -1874,13 +2637,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1895,6 +2658,13 @@ If you disable or don't configure this policy setting, Internet Explorer continu For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer* @@ -1918,13 +2688,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1943,6 +2713,13 @@ If you disable or don't configure this policy setting, the list is deleted and I For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains* @@ -1966,13 +2743,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -1987,6 +2764,13 @@ If you disable this policy setting, local sites which are not explicitly mapped If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones* @@ -2010,13 +2794,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2031,6 +2815,13 @@ If you disable this policy setting, network paths are not necessarily mapped int If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Intranet Sites: Include all network paths (UNCs)* @@ -2054,13 +2845,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2075,6 +2866,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -2098,13 +2896,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2119,6 +2917,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -2142,13 +2947,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2161,6 +2966,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -2170,10 +2982,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowCopyPasteViaScript** +**InternetExplorer/InternetZoneAllowCopyPasteViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow cut, copy or paste operations from the clipboard via script* @@ -2183,10 +3025,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** +**InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow drag and drop or copy and paste files* @@ -2210,13 +3082,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2231,6 +3103,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -2254,13 +3133,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2275,6 +3154,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -2284,10 +3170,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG** +**InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow loading of XAML files* @@ -2297,7 +3213,7 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** +**InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG** @@ -2321,6 +3237,35 @@ ADMX Info:
+ + + + + +**InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. @@ -2332,6 +3277,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -2341,49 +3293,169 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** +**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use ActiveX controls without prompt* -- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet* +- GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** +**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use the TDC ActiveX control* -- GP name: *IZ_PolicyAllowTDCControl_Both_LocalMachine* +- GP name: *IZ_PolicyAllowTDCControl_Both_Internet* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneAllowScriptInitiatedWindows** +**InternetExplorer/InternetZoneAllowScriptInitiatedWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow script-initiated windows without size or position constraints* -- GP name: *IZ_PolicyWindowsRestrictionsURLaction_6* +- GP name: *IZ_PolicyWindowsRestrictionsURLaction_1* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** +**InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scripting of Internet Explorer WebBrowser controls* @@ -2407,13 +3479,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2428,6 +3500,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -2451,13 +3530,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2474,6 +3553,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -2483,10 +3569,40 @@ ADMX Info: -**InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** +**InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow updates to status bar via script* @@ -2510,13 +3626,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2531,6 +3647,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -2540,10 +3663,40 @@ ADMX Info: -**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1** +**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* @@ -2553,36 +3706,141 @@ ADMX Info: -**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2** +**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + - -ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* -- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* -- GP ADMX file name: *inetres.admx* - - -**InternetExplorer/InternetZoneDownloadSignedActiveXControls** +**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + +**InternetExplorer/InternetZoneDownloadSignedActiveXControls** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Download signed ActiveX controls* -- GP name: *IZ_PolicyDownloadSignedActiveX_3* +- GP name: *IZ_PolicyDownloadSignedActiveX_1* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** +**InternetExplorer/InternetZoneDownloadUnsignedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Download unsigned ActiveX controls* @@ -2592,23 +3850,83 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** +**InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Cross-Site Scripting Filter* -- GP name: *IZ_PolicyTurnOnXSSFilter_Both_LocalMachine* +- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Internet* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** +**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains across windows* @@ -2618,10 +3936,40 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** +**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains within a window* @@ -2631,10 +3979,40 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableMIMESniffing** +**InternetExplorer/InternetZoneEnableMIMESniffing** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable MIME Sniffing* @@ -2644,23 +4022,83 @@ ADMX Info: -**InternetExplorer/InternetZoneEnableProtectedMode** +**InternetExplorer/InternetZoneEnableProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Protected Mode* -- GP name: *IZ_Policy_TurnOnProtectedMode_2* +- GP name: *IZ_Policy_TurnOnProtectedMode_1* - GP ADMX file name: *inetres.admx* -**InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** +**InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Include local path when user is uploading files to a server* @@ -2684,13 +4122,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2707,6 +4145,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -2716,23 +4161,69 @@ ADMX Info: -**InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** +**InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + - -ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* -- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1* -- GP ADMX file name: *inetres.admx* - - -**InternetExplorer/InternetZoneJavaPermissionsWRONG1** +**InternetExplorer/InternetZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -2742,23 +4233,98 @@ ADMX Info: -**InternetExplorer/InternetZoneJavaPermissionsWRONG2** +**InternetExplorer/InternetZoneJavaPermissionsWRONG1** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + - -ADMX Info: -- GP english name: *Java permissions* -- GP name: *IZ_PolicyJavaPermissions_3* -- GP ADMX file name: *inetres.admx* - - -**InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** +**InternetExplorer/InternetZoneJavaPermissionsWRONG2** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + +**InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Launching applications and files in an IFRAME* @@ -2768,10 +4334,40 @@ ADMX Info: -**InternetExplorer/InternetZoneLogonOptions** +**InternetExplorer/InternetZoneLogonOptions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Logon options* @@ -2795,13 +4391,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2816,6 +4412,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -2825,10 +4428,40 @@ ADMX Info: -**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode** +**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -2838,10 +4471,40 @@ ADMX Info: -**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** +**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components signed with Authenticode* @@ -2851,10 +4514,40 @@ ADMX Info: -**InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** +**InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Show security warning for potentially unsafe files* @@ -2864,10 +4557,40 @@ ADMX Info: -**InternetExplorer/InternetZoneUsePopupBlocker** +**InternetExplorer/InternetZoneUsePopupBlocker** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use Pop-up Blocker* @@ -2877,10 +4600,40 @@ ADMX Info: -**InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone** +**InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -2904,13 +4657,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2925,6 +4678,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -2948,13 +4708,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -2969,6 +4729,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -2992,13 +4759,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3011,6 +4778,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -3034,13 +4808,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3055,6 +4829,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -3078,13 +4859,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3099,6 +4880,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -3122,13 +4910,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3143,6 +4931,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -3166,13 +4961,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3187,6 +4982,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -3210,13 +5012,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3233,6 +5035,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -3256,13 +5065,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3277,12 +5086,62 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_3* - GP ADMX file name: *inetres.admx* + + + +**InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3* +- GP ADMX file name: *inetres.admx* + @@ -3300,13 +5159,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3323,12 +5182,105 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* - GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* - GP ADMX file name: *inetres.admx* + + + +**InternetExplorer/IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/IntranetZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Java permissions* +- GP name: *IZ_PolicyJavaPermissions_3* +- GP ADMX file name: *inetres.admx* + @@ -3346,13 +5298,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3367,6 +5319,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -3390,13 +5349,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3411,6 +5370,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -3434,13 +5400,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3455,6 +5421,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -3478,13 +5451,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3497,6 +5470,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -3520,13 +5500,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3541,6 +5521,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -3564,13 +5551,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3585,6 +5572,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -3608,13 +5602,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3629,6 +5623,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -3652,13 +5653,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3673,6 +5674,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -3696,13 +5704,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3719,6 +5727,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -3742,13 +5757,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3763,6 +5778,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -3772,10 +5794,40 @@ ADMX Info: -**InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* @@ -3799,13 +5851,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3822,6 +5874,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -3831,10 +5890,40 @@ ADMX Info: -**InternetExplorer/LocalMachineZoneJavaPermissions** +**InternetExplorer/LocalMachineZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -3858,13 +5947,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3879,6 +5968,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -3902,13 +5998,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3923,6 +6019,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -3946,13 +6049,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -3967,6 +6070,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -3990,13 +6100,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4009,6 +6119,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -4032,13 +6149,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4053,6 +6170,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -4076,13 +6200,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4097,6 +6221,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -4120,13 +6251,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4141,6 +6272,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -4164,13 +6302,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4185,6 +6323,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -4208,13 +6353,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4231,6 +6376,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -4254,13 +6406,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4275,6 +6427,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -4298,13 +6457,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4321,6 +6480,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -4330,10 +6496,40 @@ ADMX Info: -**InternetExplorer/LockedDownInternetZoneJavaPermissions** +**InternetExplorer/LockedDownInternetZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -4357,13 +6553,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4378,6 +6574,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -4401,13 +6604,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4422,6 +6625,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -4445,13 +6655,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4466,6 +6676,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -4489,13 +6706,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4508,6 +6725,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -4531,13 +6755,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4552,6 +6776,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -4575,13 +6806,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4596,6 +6827,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -4619,13 +6857,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4640,6 +6878,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -4663,13 +6908,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4684,6 +6929,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -4707,13 +6959,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4730,6 +6982,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -4753,13 +7012,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4774,6 +7033,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -4797,13 +7063,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4820,6 +7086,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -4843,13 +7116,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4864,6 +7137,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -4887,13 +7167,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4908,6 +7188,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -4931,13 +7218,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4952,6 +7239,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -4975,13 +7269,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -4994,6 +7288,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -5017,13 +7318,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5038,6 +7339,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -5061,13 +7369,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5082,6 +7390,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -5105,13 +7420,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5126,6 +7441,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -5149,13 +7471,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5170,6 +7492,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -5193,13 +7522,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5216,6 +7545,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -5239,13 +7575,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5260,6 +7596,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -5283,13 +7626,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5306,6 +7649,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -5315,10 +7665,40 @@ ADMX Info: -**InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** +**InternetExplorer/LockedDownLocalMachineZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -5342,13 +7722,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5363,6 +7743,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -5386,13 +7773,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5407,6 +7794,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -5430,13 +7824,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5451,6 +7845,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -5474,13 +7875,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5493,6 +7894,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -5516,13 +7924,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5537,6 +7945,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -5560,13 +7975,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5581,6 +7996,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -5604,13 +8026,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5625,6 +8047,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -5648,13 +8077,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5669,6 +8098,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -5692,13 +8128,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5715,6 +8151,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -5738,13 +8181,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5759,6 +8202,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -5782,13 +8232,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5805,6 +8255,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -5814,10 +8271,40 @@ ADMX Info: -**InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** +**InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -5841,13 +8328,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5862,6 +8349,13 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -5885,13 +8379,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5906,6 +8400,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -5929,13 +8430,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5950,6 +8451,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -5973,13 +8481,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -5992,6 +8500,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -6015,13 +8530,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6036,6 +8551,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -6059,13 +8581,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6080,6 +8602,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -6103,13 +8632,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6124,6 +8653,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -6147,13 +8683,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6168,6 +8704,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -6191,13 +8734,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6214,6 +8757,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -6237,13 +8787,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6258,6 +8808,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -6281,13 +8838,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6304,6 +8861,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -6313,10 +8877,40 @@ ADMX Info: -**InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** +**InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -6340,13 +8934,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6361,6 +8955,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -6370,10 +8971,40 @@ ADMX Info: -**InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** +**InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -6383,10 +9014,40 @@ ADMX Info: -**InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** +**InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -6396,10 +9057,40 @@ ADMX Info: -**InternetExplorer/NotificationBarInternetExplorerProcesses** +**InternetExplorer/NotificationBarInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Internet Explorer Processes* @@ -6409,23 +9100,83 @@ ADMX Info: -**InternetExplorer/PreventManagingSmartScreenFilter** +**InternetExplorer/PreventManagingSmartScreenFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: -- GP english name: *Download signed ActiveX controls* -- GP name: *IZ_PolicyDownloadSignedActiveX_1* +- GP english name: *Prevent managing SmartScreen Filter* +- GP name: *Disable_Managing_Safety_Filter_IE9* - GP ADMX file name: *inetres.admx* -**InternetExplorer/PreventPerUserInstallationOfActiveXControls** +**InternetExplorer/PreventPerUserInstallationOfActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Prevent per-user installation of ActiveX controls* @@ -6435,10 +9186,40 @@ ADMX Info: -**InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** +**InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -6448,10 +9229,40 @@ ADMX Info: -**InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** +**InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer * @@ -6461,10 +9272,40 @@ ADMX Info: -**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** +**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -6474,10 +9315,40 @@ ADMX Info: -**InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** +**InternetExplorer/RestrictFileDownloadInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -6501,13 +9372,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6522,6 +9393,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -6531,14 +9409,44 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowActiveScripting** +**InternetExplorer/RestrictedSitesZoneAllowActiveScripting** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow active scripting* -- GP name: *IZ_PolicyActiveScripting_1* +- GP name: *IZ_PolicyActiveScripting_7* - GP ADMX file name: *inetres.admx* @@ -6558,13 +9466,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6579,6 +9487,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -6602,13 +9517,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6621,6 +9536,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -6630,23 +9552,83 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** +**InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow binary and script behaviors* -- GP name: *IZ_PolicyBinaryBehaviors_1* +- GP name: *IZ_PolicyBinaryBehaviors_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** +**InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow cut, copy or paste operations from the clipboard via script* @@ -6656,10 +9638,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** +**InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow drag and drop or copy and paste files* @@ -6669,14 +9681,44 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowFileDownloads** +**InternetExplorer/RestrictedSitesZoneAllowFileDownloads** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow file downloads* -- GP name: *IZ_PolicyFileDownload_1* +- GP name: *IZ_PolicyFileDownload_7* - GP ADMX file name: *inetres.admx* @@ -6696,13 +9738,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6717,12 +9759,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. - - -**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1** +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Allow font downloads* @@ -6732,20 +9775,7 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2** - - - - -ADMX Info: -- GP english name: *Allow font downloads* -- GP name: *IZ_PolicyFontDownload_1* -- GP ADMX file name: *inetres.admx* - - - - -**InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** +**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1** @@ -6769,6 +9799,64 @@ ADMX Info:
+ + + + + +**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + + + +**InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. @@ -6780,6 +9868,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -6789,10 +9884,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** +**InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow loading of XAML files* @@ -6802,14 +9927,44 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** +**InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow META REFRESH* -- GP name: *IZ_PolicyAllowMETAREFRESH_1* +- GP name: *IZ_PolicyAllowMETAREFRESH_7* - GP ADMX file name: *inetres.admx* @@ -6829,13 +9984,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6850,6 +10005,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -6859,10 +10021,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** +**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use ActiveX controls without prompt* @@ -6872,10 +10064,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** +**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow only approved domains to use the TDC ActiveX control* @@ -6885,10 +10107,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** +**InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow script-initiated windows without size or position constraints* @@ -6898,10 +10150,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** +**InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scripting of Internet Explorer WebBrowser controls* @@ -6925,13 +10207,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6946,6 +10228,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -6969,13 +10258,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -6992,6 +10281,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -7001,10 +10297,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** +**InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow updates to status bar via script* @@ -7028,13 +10354,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7049,6 +10375,13 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* @@ -7058,10 +10391,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** +**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Don't run antimalware programs against ActiveX controls* @@ -7071,10 +10434,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** +**InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Download signed ActiveX controls* @@ -7084,10 +10477,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** +**InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Download unsigned ActiveX controls* @@ -7097,10 +10520,83 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** +**InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Turn on Cross-Site Scripting Filter* +- GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains across windows* @@ -7110,10 +10606,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** +**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable dragging of content from different domains within a window* @@ -7123,10 +10649,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** +**InternetExplorer/RestrictedSitesZoneEnableMIMESniffing** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable MIME Sniffing* @@ -7136,10 +10692,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** +**InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Include local path when user is uploading files to a server* @@ -7163,13 +10749,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7186,6 +10772,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -7195,10 +10788,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneJavaPermissions** +**InternetExplorer/RestrictedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -7208,10 +10831,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** +**InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Launching applications and files in an IFRAME* @@ -7221,10 +10874,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneLogonOptions** +**InternetExplorer/RestrictedSitesZoneLogonOptions** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Logon options* @@ -7248,13 +10931,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7269,6 +10952,13 @@ If you disable this policy setting, users cannot open other windows and frames f If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -7278,36 +10968,126 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains** +**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* -- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1* +- GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** +**InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run ActiveX controls and plugins* -- GP name: *IZ_PolicyRunActiveXControls_1* +- GP name: *IZ_PolicyRunActiveXControls_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** +**InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components signed with Authenticode* @@ -7317,36 +11097,126 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** +**InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Script ActiveX controls marked safe for scripting* -- GP name: *IZ_PolicyScriptActiveXMarkedSafe_1* +- GP name: *IZ_PolicyScriptActiveXMarkedSafe_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneWRONG** +**InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Scripting of Java applets* -- GP name: *IZ_PolicyScriptingOfJavaApplets_6* +- GP name: *IZ_PolicyScriptingOfJavaApplets_7* - GP ADMX file name: *inetres.admx* -**InternetExplorer/RestrictedSitesZoneWRONG2** +**InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Show security warning for potentially unsafe files* @@ -7356,10 +11226,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneWRONG3** +**InternetExplorer/RestrictedSitesZoneTurnOnCrossSiteScriptingFilter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Cross-Site Scripting Filter* @@ -7369,10 +11269,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneWRONG4** +**InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on Protected Mode* @@ -7382,10 +11312,40 @@ ADMX Info: -**InternetExplorer/RestrictedSitesZoneWRONG5** +**InternetExplorer/RestrictedSitesZoneUsePopupBlocker** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use Pop-up Blocker* @@ -7395,10 +11355,185 @@ ADMX Info: -**InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** +**InternetExplorer/RestrictedSitesZoneWRONG** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + +**InternetExplorer/RestrictedSitesZoneWRONG2** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + + + +**InternetExplorer/RestrictedSitesZoneWRONG3** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + + + +**InternetExplorer/RestrictedSitesZoneWRONG4** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + + + +**InternetExplorer/RestrictedSitesZoneWRONG5** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + + + + + +**InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *All Processes* @@ -7422,13 +11557,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7441,6 +11576,13 @@ If you enable this policy setting, the user cannot configure the list of search If you disable or do not configure this policy setting, the user can configure his or her list of search providers. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Restrict search providers to a specific list* @@ -7450,10 +11592,40 @@ ADMX Info: -**InternetExplorer/SecurityZonesUseOnlyMachineSettings** +**InternetExplorer/SecurityZonesUseOnlyMachineSettings** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Security Zones: Use only machine settings * @@ -7463,10 +11635,40 @@ ADMX Info: -**InternetExplorer/SpecifyUseOfActiveXInstallerService** +**InternetExplorer/SpecifyUseOfActiveXInstallerService** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls* @@ -7490,13 +11692,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7511,6 +11713,13 @@ If you disable this policy setting, users cannot load a page in the zone that us If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Access data sources across domains* @@ -7534,13 +11743,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7555,6 +11764,13 @@ If you disable this policy setting, ActiveX control installations will be blocke If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for ActiveX controls* @@ -7578,13 +11794,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7597,6 +11813,13 @@ If you enable this setting, users will receive a file download dialog for automa If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Automatic prompting for file downloads* @@ -7620,13 +11843,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7641,6 +11864,13 @@ If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow font downloads* @@ -7664,13 +11894,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7685,6 +11915,13 @@ If you disable this policy setting, the possibly harmful navigations are prevent If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Web sites in less privileged Web content zones can navigate into this zone* @@ -7708,13 +11945,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7729,6 +11966,13 @@ If you disable this policy setting, Internet Explorer will not execute unsigned If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Run .NET Framework-reliant components not signed with Authenticode* @@ -7752,13 +11996,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7773,6 +12017,13 @@ If you disable this policy setting, the user cannot run scriptlets. If you do not configure this policy setting, the user can enable or disable scriptlets. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow scriptlets* @@ -7796,13 +12047,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7819,6 +12070,13 @@ If you do not configure this policy setting, the user can choose whether SmartSc Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on SmartScreen Filter scan* @@ -7842,13 +12100,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7863,12 +12121,105 @@ If you disable this policy setting, users cannot preserve information in the bro If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Userdata persistence* - GP name: *IZ_PolicyUserdataPersistence_5* - GP ADMX file name: *inetres.admx* + + + +**InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Don't run antimalware programs against ActiveX controls* +- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* +- GP ADMX file name: *inetres.admx* + @@ -7886,13 +12237,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7909,6 +12260,13 @@ If you disable this policy setting, ActiveX controls that cannot be made safe ar If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Initialize and script ActiveX controls not marked as safe* @@ -7918,10 +12276,126 @@ ADMX Info: -**InternetExplorer/TrustedSitesZoneJavaPermissions** +**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Initialize and script ActiveX controls not marked as safe* +- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* +- GP ADMX file name: *inetres.admx* + + + + +**InternetExplorer/TrustedSitesZoneJavaPermissions** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Java permissions* @@ -7945,13 +12419,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -7966,6 +12440,13 @@ If you disable this policy setting, users cannot open windows and frames to acce If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Navigate windows and frames across different domains* @@ -7975,30 +12456,62 @@ ADMX Info: -**InternetExplorer/TrustedSitesZoneWRONG1** +**InternetExplorer/TrustedSitesZoneWRONG1** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + - -ADMX Info: -- GP english name: *Don't run antimalware programs against ActiveX controls* -- GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5* -- GP ADMX file name: *inetres.admx* - - -**InternetExplorer/TrustedSitesZoneWRONG2** +**InternetExplorer/TrustedSitesZoneWRONG2** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark1check mark1check mark1check mark1check mark1check mark1
+ + - -ADMX Info: -- GP english name: *Initialize and script ActiveX controls not marked as safe* -- GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5* -- GP ADMX file name: *inetres.admx* - -
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index a8fbdb51d5..2a73bb48dc 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Kerberos @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, the Kerberos client searches the forests in t If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Use forest search order* @@ -75,13 +83,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -93,6 +101,13 @@ If you enable this policy setting, the client computers will request claims, pro If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring* @@ -116,13 +131,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -139,6 +154,13 @@ Note: The Kerberos Group Policy "Kerberos client support for claims, compound au If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Fail authentication requests when Kerberos armoring is not available* @@ -162,13 +184,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -181,6 +203,13 @@ If you enable this policy setting, the Kerberos client requires that the KDC's X If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require strict KDC validation* @@ -204,13 +233,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -227,6 +256,13 @@ If you disable or do not configure this policy setting, the Kerberos client or s Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set maximum Kerberos SSPI context token buffer size* diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md index 8c80b8d3a3..192795ada2 100644 --- a/windows/client-management/mdm/policy-csp-licensing.md +++ b/windows/client-management/mdm/policy-csp-licensing.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Licensing diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md index f645587446..ba133e1921 100644 --- a/windows/client-management/mdm/policy-csp-location.md +++ b/windows/client-management/mdm/policy-csp-location.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Location diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md index 25dc0413fe..a98d78e52b 100644 --- a/windows/client-management/mdm/policy-csp-lockdown.md +++ b/windows/client-management/mdm/policy-csp-lockdown.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - LockDown diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md index 71023a8d83..27d44175e4 100644 --- a/windows/client-management/mdm/policy-csp-maps.md +++ b/windows/client-management/mdm/policy-csp-maps.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Maps diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md index 0cb1012fa9..e0c705d31b 100644 --- a/windows/client-management/mdm/policy-csp-messaging.md +++ b/windows/client-management/mdm/policy-csp-messaging.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Messaging diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md index 8c7f783b3c..0d59b01e1b 100644 --- a/windows/client-management/mdm/policy-csp-networkisolation.md +++ b/windows/client-management/mdm/policy-csp-networkisolation.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - NetworkIsolation diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md index 1ba72d35a8..fa41ee2efb 100644 --- a/windows/client-management/mdm/policy-csp-notifications.md +++ b/windows/client-management/mdm/policy-csp-notifications.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Notifications diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md index b0b74a08f2..e70bcf9173 100644 --- a/windows/client-management/mdm/policy-csp-power.md +++ b/windows/client-management/mdm/policy-csp-power.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Power @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -52,6 +53,13 @@ If you enable or do not configure this policy setting, Windows uses standby stat If you disable this policy setting, standby states (S1-S3) are not allowed. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)* @@ -76,12 +84,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -96,6 +104,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the display (on battery)* @@ -120,12 +135,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -140,6 +155,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off the display (plugged in)* @@ -164,12 +186,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -185,6 +207,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system hibernate timeout (on battery)* @@ -209,12 +238,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -229,6 +258,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system hibernate timeout (plugged in)* @@ -253,12 +289,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -271,6 +307,13 @@ If you enable or do not configure this policy setting, the user is prompted for If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require a password when a computer wakes (on battery)* @@ -295,12 +338,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -313,6 +356,13 @@ If you enable or do not configure this policy setting, the user is prompted for If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require a password when a computer wakes (plugged in)* @@ -337,12 +387,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -357,6 +407,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system sleep timeout (on battery)* @@ -381,12 +438,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -401,6 +458,13 @@ ADMX Info:

If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify the system sleep timeout (plugged in)* diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md index ac4e6f725f..a781e4217a 100644 --- a/windows/client-management/mdm/policy-csp-printers.md +++ b/windows/client-management/mdm/policy-csp-printers.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Printers @@ -34,12 +35,12 @@ author: nickbrower cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -65,6 +66,13 @@ If you disable this policy setting: -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Point and Print Restrictions* @@ -74,7 +82,7 @@ ADMX Info: -**Printers/PointAndPrintRestrictions_User** +**Printers/PointAndPrintRestrictions_User** @@ -89,12 +97,12 @@ ADMX Info: - - - - - - + + + + + +
cross markcheck mark1check mark1check mark1check mark1check mark1check markcheck markcheck markcheck markcross markcross mark
@@ -120,6 +128,13 @@ If you disable this policy setting: -The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs). +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Point and Print Restrictions* @@ -144,12 +159,12 @@ ADMX Info: cross mark - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -164,6 +179,13 @@ If you disable this setting, this computer's shared printers cannot be published Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory". +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow printers to be published* diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 6436a76202..64b43c3fd9 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Privacy diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md index bae354870c..536e122bb4 100644 --- a/windows/client-management/mdm/policy-csp-remoteassistance.md +++ b/windows/client-management/mdm/policy-csp-remoteassistance.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteAssistance @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -58,6 +59,13 @@ If you disable this policy setting, the user sees the default warning message. If you do not configure this policy setting, the user sees the default warning message. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Customize warning messages* @@ -81,13 +89,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -102,6 +110,13 @@ If you disable this policy setting, log files are not generated. If you do not configure this setting, application-based settings are used. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn on session logging* @@ -125,13 +140,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -154,6 +169,13 @@ The "Select the method for sending email invitations" setting specifies which em If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Configure Solicited Remote Assistance* @@ -177,13 +199,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -229,6 +251,13 @@ Port 135:TCP Allow Remote Desktop Exception +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Configure Offer Remote Assistance* diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index c73c7a4093..242a159cc5 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteDesktopServices @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -58,6 +59,13 @@ Note: You can limit which clients are able to connect remotely by using Remote D You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow users to connect remotely by using Remote Desktop Services* @@ -81,13 +89,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -110,6 +118,13 @@ Important FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Set client connection encryption level* @@ -133,13 +148,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -156,6 +171,13 @@ If you disable this policy setting, client drive redirection is always allowed. If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow drive redirection* @@ -179,13 +201,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -198,6 +220,13 @@ If you enable this setting the password saving checkbox in Remote Desktop Connec If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow passwords to be saved* @@ -221,13 +250,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -246,6 +275,13 @@ If you disable this policy setting, users can always log on to Remote Desktop Se If you do not configure this policy setting, automatic logon is not specified at the Group Policy level. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Always prompt for password upon connection* @@ -269,13 +305,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -294,6 +330,13 @@ If the status is set to Not Configured, unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Require secure RPC communication* diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md index 4c0d02a0fb..4c341290fb 100644 --- a/windows/client-management/mdm/policy-csp-remotemanagement.md +++ b/windows/client-management/mdm/policy-csp-remotemanagement.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteManagement @@ -19,10 +20,40 @@ author: nickbrower ## RemoteManagement policies -**RemoteManagement/AllowBasicAuthentication_Client** +**RemoteManagement/AllowBasicAuthentication_Client** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow Basic authentication* @@ -32,10 +63,40 @@ ADMX Info: -**RemoteManagement/AllowBasicAuthentication_Service** +**RemoteManagement/AllowBasicAuthentication_Service** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow Basic authentication* @@ -45,23 +106,40 @@ ADMX Info: -**RemoteManagement/AllowCredSSPAuthenticationClient** +**RemoteManagement/AllowCredSSPAuthenticationClient** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + - -ADMX Info: -- GP english name: *Allow CredSSP authentication* -- GP name: *AllowCredSSP_1* -- GP ADMX file name: *WindowsRemoteManagement.admx* +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - - - -**RemoteManagement/AllowCredSSPAuthenticationService** +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Allow CredSSP authentication* @@ -71,10 +149,83 @@ ADMX Info: -**RemoteManagement/AllowRemoteServerManagement** +**RemoteManagement/AllowCredSSPAuthenticationService** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Allow CredSSP authentication* +- GP name: *AllowCredSSP_1* +- GP ADMX file name: *WindowsRemoteManagement.admx* + + + + +**RemoteManagement/AllowRemoteServerManagement** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow remote server management through WinRM* @@ -84,10 +235,40 @@ ADMX Info: -**RemoteManagement/AllowUnencryptedTraffic_Client** +**RemoteManagement/AllowUnencryptedTraffic_Client** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow unencrypted traffic* @@ -97,10 +278,40 @@ ADMX Info: -**RemoteManagement/AllowUnencryptedTraffic_Service** +**RemoteManagement/AllowUnencryptedTraffic_Service** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow unencrypted traffic* @@ -110,10 +321,40 @@ ADMX Info: -**RemoteManagement/DisallowDigestAuthentication** +**RemoteManagement/DisallowDigestAuthentication** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disallow Digest authentication* @@ -123,23 +364,40 @@ ADMX Info: -**RemoteManagement/DisallowNegotiateAuthenticationClient** +**RemoteManagement/DisallowNegotiateAuthenticationClient** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + - -ADMX Info: -- GP english name: *Disallow Negotiate authentication* -- GP name: *DisallowNegotiate_1* -- GP ADMX file name: *WindowsRemoteManagement.admx* +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). - - - -**RemoteManagement/DisallowNegotiateAuthenticationService** +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). - - ADMX Info: - GP english name: *Disallow Negotiate authentication* @@ -149,10 +407,83 @@ ADMX Info: -**RemoteManagement/DisallowStoringOfRunAsCredentials** +**RemoteManagement/DisallowNegotiateAuthenticationService** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP english name: *Disallow Negotiate authentication* +- GP name: *DisallowNegotiate_1* +- GP ADMX file name: *WindowsRemoteManagement.admx* + + + + +**RemoteManagement/DisallowStoringOfRunAsCredentials** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Disallow WinRM from storing RunAs credentials* @@ -162,10 +493,40 @@ ADMX Info: -**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** +**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify channel binding token hardening level* @@ -175,10 +536,40 @@ ADMX Info: -**RemoteManagement/TrustedHosts** +**RemoteManagement/TrustedHosts** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Trusted Hosts* @@ -188,10 +579,40 @@ ADMX Info: -**RemoteManagement/TurnOnCompatibilityHTTPListener** +**RemoteManagement/TurnOnCompatibilityHTTPListener** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn On Compatibility HTTP Listener* @@ -201,10 +622,40 @@ ADMX Info: -**RemoteManagement/TurnOnCompatibilityHTTPSListener** +**RemoteManagement/TurnOnCompatibilityHTTPSListener** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn On Compatibility HTTPS Listener* diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md index 56389b3ae7..bf37731625 100644 --- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md +++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteProcedureCall @@ -33,13 +34,13 @@ author: nickbrower Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -56,6 +57,13 @@ If you do not configure this policy setting, it remains disabled. RPC clients w Note: This policy will not be applied until the system is rebooted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Enable RPC Endpoint Mapper Client Authentication* @@ -79,13 +87,13 @@ ADMX Info: Mobile Enterprise - check mark1 - check mark1 - - check mark1 - check mark1 - check mark1 - check mark1 + cross mark + check mark + check mark + check mark + check mark + cross mark + cross mark @@ -110,6 +118,13 @@ If you enable this policy setting, it directs the RPC server runtime to restrict Note: This policy setting will not be applied until the system is rebooted. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Restrict Unauthenticated RPC clients* diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md index 08ec87e539..f495cecfad 100644 --- a/windows/client-management/mdm/policy-csp-remoteshell.md +++ b/windows/client-management/mdm/policy-csp-remoteshell.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - RemoteShell @@ -19,10 +20,40 @@ author: nickbrower ## RemoteShell policies -**RemoteShell/AllowRemoteShellAccess** +**RemoteShell/AllowRemoteShellAccess** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Allow Remote Shell Access* @@ -32,10 +63,40 @@ ADMX Info: -**RemoteShell/MaxConcurrentUsers** +**RemoteShell/MaxConcurrentUsers** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *MaxConcurrentUsers* @@ -45,10 +106,40 @@ ADMX Info: -**RemoteShell/SpecifyIdleTimeout** +**RemoteShell/SpecifyIdleTimeout** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify idle Timeout* @@ -58,10 +149,40 @@ ADMX Info: -**RemoteShell/SpecifyMaxMemory** +**RemoteShell/SpecifyMaxMemory** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify maximum amount of memory in MB per Shell* @@ -71,10 +192,40 @@ ADMX Info: -**RemoteShell/SpecifyMaxProcesses** +**RemoteShell/SpecifyMaxProcesses** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify maximum number of processes per Shell* @@ -84,10 +235,40 @@ ADMX Info: -**RemoteShell/SpecifyMaxRemoteShells** +**RemoteShell/SpecifyMaxRemoteShells** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify maximum number of remote shells per user* @@ -97,10 +278,40 @@ ADMX Info: -**RemoteShell/SpecifyShellTimeout** +**RemoteShell/SpecifyShellTimeout** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck markcheck markcheck markcheck markcross markcross mark
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Specify Shell Timeout* diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 73badec791..b4338ee741 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Search diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index b9da338ad1..da65b16788 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Security diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index aac7fdd2e4..1f0609cf32 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Settings diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index 968712f98d..f051f86853 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - SmartScreen diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index b67d1464b7..e19e02b135 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Speech diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 9c3c33dc73..294d709c46 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Start diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index 7d305a13d9..fea76f9776 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Storage @@ -34,8 +35,8 @@ author: nickbrower cross mark - cross mark - + check mark + check mark check mark check mark cross mark @@ -52,6 +53,13 @@ If you enable this policy setting, Windows will not activate unactivated Enhance If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not allow Windows to activate Enhanced Storage devices* diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index bfc21c114d..187ace6a9d 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - System @@ -419,11 +420,11 @@ author: nickbrower cross mark check mark - - check mark check mark check mark check mark + cross mark + cross mark @@ -432,6 +433,13 @@ author: nickbrower N/A +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP name: *POL_DriverLoadPolicy_Name* @@ -505,10 +513,10 @@ ADMX Info: cross mark - check mark2 - check mark2 - check mark2 - check mark2 + check mark + check mark + check mark + check mark cross mark cross mark @@ -529,6 +537,13 @@ If you disable or do not configure this policy setting, users can perform System Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off System Restore* diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 3baa9bb071..a301e620e4 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - TextInput diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index c3bcd16106..5aa7ed1720 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - TimeLanguageSettings @@ -67,8 +68,8 @@ Footnote: ## TimeLanguageSettings policies supported by Microsoft Surface Hub -- [TimeLanguageSettings/Set24HourClock](#None) -- [TimeLanguageSettings/SetCountry](#None) -- [TimeLanguageSettings/SetLanguage](#None) +- [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock) +- [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry) +- [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index eb5110a19b..3681d55d6f 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Update @@ -1110,7 +1111,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -**Update/PauseFeatureUpdatesStartTime** +**Update/PauseFeatureUpdatesStartTime** @@ -1182,7 +1183,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego -**Update/PauseQualityUpdatesStartTime** +**Update/PauseQualityUpdatesStartTime**
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 61525f5b57..14181da459 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - Wifi diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 7f6d64ab86..1562806a3e 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 07/06/2017 +ms.date: 07/14/2017 --- # Policy CSP - WindowsDefenderSecurityCenter @@ -31,7 +31,7 @@ ms.date: 07/06/2017 - + @@ -64,7 +64,7 @@ ms.date: 07/06/2017 - + @@ -100,7 +100,7 @@ ms.date: 07/06/2017 - + @@ -139,7 +139,7 @@ ms.date: 07/06/2017 - + @@ -175,7 +175,7 @@ ms.date: 07/06/2017 - + @@ -211,7 +211,7 @@ ms.date: 07/06/2017 - + @@ -247,7 +247,7 @@ ms.date: 07/06/2017 - + @@ -283,7 +283,7 @@ ms.date: 07/06/2017 - + @@ -319,7 +319,7 @@ ms.date: 07/06/2017 - + @@ -355,7 +355,7 @@ ms.date: 07/06/2017 - + @@ -372,7 +372,7 @@ ms.date: 07/06/2017

Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options. -

Value type is string. Supported operations are Add, Get, Replace and Delete. +

Value type is string. Supported operations are Add, Get, Replace and Delete. @@ -388,7 +388,7 @@ ms.date: 07/06/2017

- + @@ -409,7 +409,6 @@ ms.date: 07/06/2017 - 0 - (Disable) Notifications contain a default notification text. - 1 - (Enable) Notifications contain the company name and contact options. - @@ -425,7 +424,7 @@ ms.date: 07/06/2017 - + @@ -461,7 +460,7 @@ ms.date: 07/06/2017 - + @@ -494,7 +493,7 @@ ms.date: 07/06/2017 - + @@ -511,7 +510,17 @@ ms.date: 07/06/2017

Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options. -

Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. +

Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete. - \ No newline at end of file + +

+ +Footnote: + +- 1 - Added in Windows 10, version 1607. +- 2 - Added in Windows 10, version 1703. +- 3 - Added in Windows 10, version 1709. + + + diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index edce18a72e..aea0a2de88 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - WindowsInkWorkspace diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 29b2de31e3..1cacc5d9bc 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - WindowsLogon @@ -34,10 +35,10 @@ author: nickbrower - - - - + + + + @@ -52,6 +53,13 @@ If you enable this policy setting, no app notifications are displayed on the loc If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Turn off app notifications on the lock screen* @@ -76,10 +84,10 @@ ADMX Info: - - - - + + + + @@ -94,6 +102,13 @@ If you enable this policy setting, the PC's network connectivity state cannot be If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows. +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). + +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). + +> The payload of the SyncML must be XML-encoded; for this XML encoding, you can use the [Coder's Toolbox](http://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii) online tool. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + ADMX Info: - GP english name: *Do not display network selection UI* diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index ab4b3cb9d6..535bc242b7 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -6,6 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower +ms.date: 07/14/2017 --- # Policy CSP - WirelessDisplay @@ -125,7 +126,7 @@ author: nickbrower -**WirelessDisplay/AllowProjectionToPCOverInfrastructure** +**WirelessDisplay/AllowProjectionToPCOverInfrastructure**
Enterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross mark Enterprise Education MobileMobileEnterpriseMobile Enterprise
cross mark Enterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross markEnterprise Education MobileMobileEnterpriseMobile Enterprise
cross mark
cross markcheck mark1check mark1check mark1check markcheck markcheck markcheck mark cross mark cross mark
cross markcheck mark1check mark1check mark1check markcheck markcheck markcheck mark cross mark cross mark