deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #5630 from nimishasatapathy/nimishasatapathy-5400951-part2

Browse Source 
Updated
This commit is contained in:
Diana Hanson 2021-09-13 10:38:47 -06:00 committed by GitHub
commit 5b0ec6160b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 816 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -209,6 +209,7 @@ ms.date: 10/08/2020
- [ADMX_EAIME/L_TurnOnLexiconUpdate](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlexiconupdate)
- [ADMX_EAIME/L_TurnOnLiveStickers](./policy-csp-admx-eaime.md#admx-eaime-l-turnonlivestickers)
- [ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport](./policy-csp-admx-eaime.md#admx-eaime-l-turnonmisconversionloggingformisconversionreport)
- [ADMX_EventLogging/EnableProtectedEventLogging](./policy-csp-admx-eventlogging.md#admx-eventlogging-enableprotectedeventlogging)
- [ADMX_EncryptFilesonMove/NoEncryptOnMove](./policy-csp-admx-encryptfilesonmove.md#admx-encryptfilesonmove-noencryptonmove)
- [ADMX_EnhancedStorage/ApprovedEnStorDevices](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedenstordevices)
- [ADMX_EnhancedStorage/ApprovedSilos](./policy-csp-admx-enhancedstorage.md#admx-enhancedstorage-approvedsilos)
@ -268,11 +269,17 @@ ms.date: 10/08/2020
- [ADMX_EventLog/Channel_Log_Retention_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-2)
- [ADMX_EventLog/Channel_Log_Retention_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-3)
- [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4)
- [ADMX_EventViewer/EventViewer_RedirectionProgram](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogram)
- [ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters)
- [ADMX_EventViewer/EventViewer_RedirectionURL](./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionurl)
- [ADMX_Explorer/AdminInfoUrl](./policy-csp-admx-explorer.md#admx-explorer-admininfourl)
- [ADMX_Explorer/AlwaysShowClassicMenu](./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu)
- [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit)
- [ADMX_Explorer/PreventItemCreationInUsersFilesFolder](./policy-csp-admx-explorer.md#admx-explorer-preventitemcreationinusersfilesfolder)
- [ADMX_Explorer/TurnOffSPIAnimations](./policy-csp-admx-explorer.md#admx-explorer-turnoffspianimations)
- [ADMX_ExternalBoot/PortableOperatingSystem_Hibernate](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_hibernate)
- [ADMX_ExternalBoot/PortableOperatingSystem_Sleep](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_sleep)
- [ADMX_ExternalBoot/PortableOperatingSystem_Launcher](./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_launcher)
- [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy)
- [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol)
- [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression)
@ -284,6 +291,7 @@ ms.date: 10/08/2020
- [ADMX_FileSys/SymlinkEvaluation](./policy-csp-admx-filesys.md#admx-filesys-symlinkevaluation)
- [ADMX_FileSys/TxfDeprecatedFunctionality](./policy-csp-admx-filesys.md#admx-filesys-txfdeprecatedfunctionality)
- [ADMX_FileRecovery/WdiScenarioExecutionPolicy](./policy-csp-admx-filerecovery.md#admx-filerecovery-wdiscenarioexecutionpolicy)
- [ADMX_FileRevocation/DelegatedPackageFamilyNames](./policy-csp-admx-filerevocation.md#admx-filerevocation-delegatedpackagefamilynames)
- [ADMX_FolderRedirection/DisableFRAdminPin](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpin)
- [ADMX_FolderRedirection/DisableFRAdminPinByFolder](./policy-csp-admx-folderredirection.md#admx-folderredirection-disablefradminpinbyfolder)
- [ADMX_FolderRedirection/FolderRedirectionEnableCacheRename](./policy-csp-admx-folderredirection.md#admx-folderredirection-folderredirectionenablecacherename)

41
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -755,6 +755,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### ADMX_DnsClient policies
<dl>
@ -896,6 +897,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### ADMX_EventLogging policies
<dl>
<dd>
<a href="./policy-csp-admx-eventlogging.md#admx-eventlogging-enableprotectedeventlogging" id="admx-eventlogging-enableprotectedeventlogging">ADMX_EventLogging/EnableProtectedEventLogging</a>
</dd>
</dl>
### ADMX_EnhancedStorage policies
<dl>
@ -1090,6 +1098,19 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### ADMX_EventViewer policies
<dl>
<dd>
<a href="./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogram" id="admx-eventviewer-eventviewer_redirectionprogram">ADMX_EventViewer/EventViewer_RedirectionProgram</a>
</dd>
<dd>
<a href="./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters" id="admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters">ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters</a>
</dd>
<dd>
<a href="./policy-csp-admx-eventviewer.md#admx-eventviewer-eventviewer_redirectionurl" id="admx-eventviewer-eventviewer_redirectionurl">ADMX_EventViewer/EventViewer_RedirectionURL</a>
<dd>
### ADMX_Explorer policies
<dl>
@ -1110,6 +1131,19 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### ADMX_ExternalBoot policies
<dl>
<dd>
<a href="./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_hibernate" id="admx-externalboot-portableoperatingsystem_hibernate">ADMX_ExternalBoot/PortableOperatingSystem_Hibernate</a>
</dd>
<a href="./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_sleep" id="admx-externalboot-portableoperatingsystem_sleep">ADMX_ExternalBoot/PortableOperatingSystem_Sleep</a>
</dd>
</dd>
<a href="./policy-csp-admx-externalboot.md#admx-externalboot-portableoperatingsystem_launcher" id="admx-externalboot-portableoperatingsystem_launcher">ADMX_ExternalBoot/PortableOperatingSystem_Launcher</a>
</dd>
<dl>
### ADMX_FileRecovery policies
<dl>
<dd>
@ -1117,6 +1151,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### ADMX_FileRevocation policies
<dl>
<dd>
<a href="./policy-csp-admx-filerevocation.md#admx-filerevocation-delegatedpackagefamilynames" id="admx-filerevocation-delegatedpackagefamilynames">ADMX_FileRevocation/DelegatedPackageFamilyNames</a>
</dd>
</dl>
### ADMX_FileServerVSSProvider policies
<dl>
<dd>

114
windows/client-management/mdm/policy-csp-admx-eventlogging.md Normal file
View File

@ -0,0 +1,114 @@
---
title: Policy CSP - ADMX_EventLogging
description: Policy CSP - ADMX_EventLogging
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.date: 09/12/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_EventLogging
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_EventLogging policies
<dl>
<dd>
<a href="#admx-eventlogging-enableprotectedeventlogging">ADMX_EventLogging/EnableProtectedEventLogging</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-eventlogging-enableprotectedeventlogging"></a>**ADMX_EventLogging/EnableProtectedEventLogging**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting lets you configure Protected Event Logging.
- If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypted with.
- If you disable or do not configure this policy setting, components will not encrypt event log messages before writing them to the event log.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Enable Protected Event Logging*
- GP name: *EnableProtectedEventLogging*
- GP path: *Windows Components\Event Logging*
- GP ADMX file name: *EventLogging.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies-->

256
windows/client-management/mdm/policy-csp-admx-eventviewer.md Normal file
View File

@ -0,0 +1,256 @@
---
title: Policy CSP - ADMX_EventViewer
description: Policy CSP - ADMX_EventViewer
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.date: 09/13/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_EventViewer
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_EventViewer policies
<dl>
<dd>
<a href="#admx-eventviewer-eventviewer_redirectionprogram">ADMX_EventViewer/EventViewer_RedirectionProgram</a>
</dd>
<dd>
<a href="#admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters">ADMX_EventViewer_RedirectionProgramCommandLineParameters</a>
</dd>
<dd>
<a href="#admx-eventviewer-eventviewer_redirectionurl">ADMX_EventViewer/EventViewer_RedirectionURL</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-eventviewer-eventviewer_redirectionprogram"></a>**ADMX_EventViewer/EventViewer_RedirectionProgram**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This is the program that will be invoked when the user clicks the `events.asp` link.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Events.asp program*
- GP name: *EventViewer_RedirectionProgram*
- GP path: *Windows Components\Event Viewer*
- GP ADMX file name: *EventViewer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-eventviewer-eventviewer_redirectionprogramcommandlineparameters"></a>**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This specifies the command line parameters that will be passed to the `events.asp` program.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Events.asp program command line parameters*
- GP name: *EventViewer_RedirectionProgramCommandLineParameters*
- GP path: *Windows Components\Event Viewer*
- GP ADMX file name: *EventViewer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-eventviewer-eventviewer_redirectionurl"></a>**ADMX_EventViewer/EventViewer_RedirectionURL**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This is the URL that will be passed to the Description area in the Event Properties dialog box.
Change this value if you want to use a different Web server to handle event information requests.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Events.asp URL*
- GP name: *EventViewer_RedirectionURL*
- GP path: *Windows Components\Event Viewer*
- GP ADMX file name: *EventViewer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--/Policies-->

274
windows/client-management/mdm/policy-csp-admx-externalboot.md Normal file
View File

@ -0,0 +1,274 @@
---
title: Policy CSP - ADMX_ExternalBoot
description: Policy CSP - ADMX_ExternalBoot
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/13/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_ExternalBoot
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## Policy CSP - ADMX_ExternalBoot
<dl>
<dd>
<a href="#admx-externalboot-portableoperatingsystem_hibernate">ADMX_ExternalBoot/PortableOperatingSystem_Hibernate
</a>
</dd>
<dd>
<a href="#admx-externalboot-portableoperatingsystem_sleep">ADMX_ExternalBoot/PortableOperatingSystem_Sleep
</a>
</dd>
<dd>
<a href="#admx-externalboot-portableoperatingsystem_launcher">ADMX_ExternalBoot/PortableOperatingSystem_Launcher
</a>
</dd>
<dl>
<hr/>
<!--Policy-->
<a href="" id="admx-externalboot-portableoperatingsystem_hibernate"></a>**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.
- If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
- If you disable or do not configure this setting, Windows, when started from a Windows To Go workspace, and cannot hibernate the PC.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Allow hibernate (S4) when starting from a Windows To Go workspace*
- GP name: *PortableOperatingSystem_Hibernate*
- GP path: *Windows Components\Portable Operating System*
- GP ADMX file name: *ExternalBoot.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-externalboot-portableoperatingsystem_sleep"></a>**ADMX_ExternalBoot/PortableOperatingSystem_Sleep**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.
If you enable this setting, Windows, when started from a Windows To Go workspace, cannot use standby states to make the PC sleep.
If you disable or do not configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace*
- GP name: *PortableOperatingSystem_Sleep*
- GP path: *Windows Components\Portable Operating System*
- GP ADMX file name: *ExternalBoot.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-externalboot-portableoperatingsystem_launcher"></a>**ADMX_ExternalBoot/PortableOperatingSystem_Launcher**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.
- If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users will not be able to make changes using the Windows To Go Startup Options Control Panel item.
- If you disable this setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
If you do not configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Windows To Go Default Startup Options*
- GP name: *PortableOperatingSystem_Launcher*
- GP path: *Windows Components\Portable Operating System*
- GP ADMX file name: *ExternalBoot.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<!--/Policies-->

115
windows/client-management/mdm/policy-csp-admx-filerevocation.md Normal file
View File

@ -0,0 +1,115 @@
---
title: Policy CSP - ADMX_FileRevocation
description: Policy CSP - ADMX_FileRevocation
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.date: 09/13/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_FileRevocation
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
<dl>
<dd>
<a href="#admx-filerevocation-delegatedpackagefamilynames">ADMX_FileRevocation/DelegatedPackageFamilyNames</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-filerevocation-delegatedpackagefamilynames"></a>**ADMX_FileRevocation/DelegatedPackageFamilyNames**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<!--/Scope-->
<!--Description-->
Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.
Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`
- If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
- If you disable or do not configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
Any other Windows Runtime application will only be able to revoke access to content it protected.
> [!NOTE]
> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com` will revoke the users access to all content protected under the contoso.com hierarchy.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Allow Windows Runtime apps to revoke enterprise data.*
- GP name: *DelegatedPackageFamilyNames*
- GP path: *Windows Components\File Revocation*
- GP ADMX file name: *FileRevocation.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies-->

8
windows/client-management/mdm/toc.yml
View File

@ -465,6 +465,8 @@ items:
href: policy-csp-admx-eaime.md
- name: ADMX_EncryptFilesonMove
href: policy-csp-admx-encryptfilesonmove.md
- name: ADMX_EventLogging
href: policy-csp-admx-eventlogging.md
- name: ADMX_EnhancedStorage
href: policy-csp-admx-enhancedstorage.md
- name: ADMX_ErrorReporting
@ -473,10 +475,16 @@ items:
href: policy-csp-admx-eventforwarding.md
- name: ADMX_EventLog
href: policy-csp-admx-eventlog.md
- name: ADMX_EventViewer
href: policy-csp-admx-eventviewer.md
- name: ADMX_Explorer
href: policy-csp-admx-explorer.md
- name: ADMX_ExternalBoot
href: policy-csp-admx-externalboot.md
- name: ADMX_FileRecovery
href: policy-csp-admx-filerecovery.md
- name: ADMX_FileRevocation
href: policy-csp-admx-filerevocation.md
- name: ADMX_FileServerVSSProvider
href: policy-csp-admx-fileservervssprovider.md
- name: ADMX_FileSys